Re: [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME

Ray Bellis <ray@bellis.me.uk> Fri, 09 November 2018 02:54 UTC

Return-Path: <ray@bellis.me.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FEAB130DD0 for <dnsop@ietfa.amsl.com>; Thu, 8 Nov 2018 18:54:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FBLHv6IbCToR for <dnsop@ietfa.amsl.com>; Thu, 8 Nov 2018 18:54:20 -0800 (PST)
Received: from hydrogen.portfast.net (hydrogen.portfast.net [188.246.200.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 19295130DCA for <dnsop@ietf.org>; Thu, 8 Nov 2018 18:54:20 -0800 (PST)
Received: from dhcp-9a4f.meeting.ietf.org ([31.133.154.79]:55333) by hydrogen.portfast.net ([188.246.200.2]:465) with esmtpsa (fixed_plain:ray@bellis.me.uk) (TLS1.0:RSA_AES_128_CBC_SHA1:16) id 1gKww1-0001X8-U0 (Exim 4.72) (return-path <ray@bellis.me.uk>); Fri, 09 Nov 2018 02:54:14 +0000
To: Paul Vixie <paul@redbarn.org>
Cc: dnsop@ietf.org
References: <CAH1iCirLfSEUcTf=p5bHuFJSFie_BoPh4X=89w2mpxgNpR9HkA@mail.gmail.com> <2BDA0411-202D-4199-A43B-3FDC50DC47F5@isoc.org> <CAH1iCirdkU-jYLRGeOm3DcdsReShyOez3oU5hw5sJYEtQyyqGw@mail.gmail.com> <D378E8F5-A667-4649-90ED-7C3612F0A013@isoc.org> <a4087032-acb2-0f2e-f84b-31d2885d8390@bellis.me.uk> <alpine.DEB.2.20.1811081801580.3596@grey.csi.cam.ac.uk> <7702EE25-1B10-4880-804C-C7CF5FE609C8@isc.org> <A7834682-C078-4E7F-985E-8FBBF387AC66@dotat.at> <57fff590-9e0f-0510-9c8a-bc0abab471b6@bellis.me.uk> <5BE4F151.8000802@redbarn.org>
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <4d0f4eff-0d11-6e53-ee8b-6a5765eb3376@bellis.me.uk>
Date: Fri, 09 Nov 2018 09:54:15 +0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <5BE4F151.8000802@redbarn.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/cMA68C7zyHcwZOb6q-Jd0g7CguY>
Subject: Re: [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Nov 2018 02:54:22 -0000


On 09/11/2018 09:30, Paul Vixie wrote:

> i regret not adding ANY as an RR type (not just a Q type) back when 
> the DNS was small and i supported 90% of it. what we actually needed
>  is a wildcard on types so that if there's no more-specific type you
>  get that one, which would have an rdata of the target name, but act
>  like PTR (which the DNS requester has to follow) rather than like 
> CNAME (which the recursive has to follow.)

interesting... :)

> i am loath to create per-service record types. that's why SRV. if you
> really want every client of a service to query for something other
> than AAAA/A, can you try to fix what's wrong with SRV regarding
> wildcards, but avoid a new type code for every new thing like MX and
> HTTP as they come along in the decades to follow?

Creating per-service record types is the IAB's preferred option (per RFC
5507).

Is fixing wildcards for SRV even possible without a major forklift 
upgrade to the DNS?

> also, does SSH count as a service? what about FTP? Gopher? RSync? 
> NNTP? IMAP(S)?

My line of thinking is that in this context a service is "a domain-wide
facility that's exposed to third parties where it is strongly preferred
that the third party use the bare domain name directly because that
domain name is used in end-user identities or to identify the endpoint".

For me, that would include:   SMTP, HTTP(s), SIP, XMPP

So, with respect to your list:

SSH - no, it's for managing a specific host

FTP - maybe, but is still well served by the "ftp." convention

Gopher - yes, if it still has any use?

Rsync - maybe - it's most often used for host-to-host transfers,
      but arguably a domain could offer file dist via rsync::,
      although again the "rsync." prefix would usually suffice.

NNTP - probably not, end users see the hostname in their config
      but "news." etc is fine.

IMAP - I believe there's already mechanisms for discovering IMAP
      servers via SRV, although AIUI it's usually a one-off
      configuration-time search, not per-session.

> it may not be too late to think architectural thoughts like "what 
> will the internet engineering community think, 50 years from now, 
> that we should have done for them?"

I hope that's what I'm trying to do.  It would be real bad if some
alternative to "the web" comes along in 10 years time but we can't
differentiate it in the DNS because too many A and AAAA records are
assumed (absent a service identifier) to be dedicated to "the web".

> i don't think you mean "actual". anycasted addresses act like host 
> addresses in all ways (answering UDP, answering TCP SYN, answering 
> ICMP) but are not "actual" hosts. i think i know what you _mean_ here
> and if so i agree with that. but 1.1.1.1 answers both HTTPS and DNS,
> and would surely get an AAAA and A in your model, but is not a 
> "host", and its DNS owner would not be a "hostname". perhaps you mean
> "effective host" which could be real or virtual?

Yes, indeed, that is a more accurate definition.

regards,

Ray