Re: [DNSOP] Minimum viable ANAME
Brian Dickson <brian.peter.dickson@gmail.com> Tue, 26 March 2019 16:22 UTC
In-Reply-To: <alpine.DEB.2.20.1903261540330.13313@grey.csi.cam.ac.uk>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 26 Mar 2019 17:22:25 +0100
Message-ID: <CAH1iCir8kCo9M4BvRiJCZzXK5EHaf9ja96p=kDdzqh-qHkhP+w@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: Matthijs Mekking <matthijs@pletterpet.nl>, "dnsop@ietf.org WG" <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Ze8LEDec3DbOycJyx8xpYvPFcFE>
Subject: Re: [DNSOP] Minimum viable ANAME

I think the one proposal was very client-specific, which kind of ruled it out for a generic "aname" type. That was Ray's "HTTP" RRtype, that I did a deep dive on.

Basically, you are correct; the easiest path forward would be for client software upgrades to get actual DNS records (rather than rely on getaddrinfo), and do the indirection following (similar to and inclusive of CNAME and DNAME, in addition to the new "HTTP" type).

It avoids requiring recursives to do the extra handling (analogous to CNAME chaining and ultimately returning A/AAAA, based on the original QTYPE).

It definitely is the case that there is anti-consensus on the original ANAME spec which requires sibling records provisioned/populated/maintained by authority servers -- which is basically fatal to the original ANAME draft.

I would definitely be willing to work on a true reset of ANAME that goes in the other direction. I suspect that's what Ray's reset will involve, and I believe that any effort on the current ANAME before the reset would likely be wasted effort.

I really want to avoid the issue where those who have, in good faith, contributed significant effort, want to hold onto that work, even if that work is ultimately counter-productive.

Please see the discussion on the list from the November 2018 timeframe, on the major issues....

Thanks,
Brian

On Tue, Mar 26, 2019 at 5:10 PM Tony Finch <dot@dotat.at> wrote:

> Matthijs Mekking <matthijs@pletterpet.nl> wrote:
> >
> > I think that would be the wrong direction. I believe there is a need to
> > standardize the ANAME resolution process and so my suggestion would be to
> > reduce the scope by focusing just on how to do that on the provisioning side
> > (and leave secondary servers and resolvers out of scope for now).
>
> From past discussions, I didn't think there was any way we could get
> consensus on the provisioning side.
>
> Dynamic lookups on authoritative servers are out, because it has to be
> compatible with traditional secondaries.
>
> Updates on the primary are out, because that doesn't scale to large
> numbers of zones.
>
> Sometimes a system might have known fallback addresses, but often it won't
> (e.g. whether the DNS setup is or isn't coupled to a web provisioning
> system).
>
> But I think it's reasonable to allow whatever provisioning mechanisms
> there might be, provided the meaning of answers from auth -> rec have a
> consistent meaning that resolvers can use.
>
> It's also really important that ANAME can work in multi-provider setups, so
> there needs to be something approaching interoperable semantics for
> importing a zone file into a provisioning system. (Though I think the
> semantics will have to be very loose in this case, to allow for variations
> between existing systems.)
>
> I haven't seen any objections to support for ANAME in recursive servers
> so I'm surprised you think that is problematic enough to be removed. My
> understanding was that recursive support is seen as better than trying to
> do all the tricks on authoritative servers.
>
> Tony.
> --
> f.anthony.n.finch <dot@dotat.at> http://dotat.at/
> safeguard the balance of nature and the environment