Re: [DNSOP] RFC 8482 (the ANY -> HINFO hack) and DNAME

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 17 November 2019 06:20 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCF5112007C for <dnsop@ietfa.amsl.com>; Sat, 16 Nov 2019 22:20:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wlB0sbzWosAU for <dnsop@ietfa.amsl.com>; Sat, 16 Nov 2019 22:20:45 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5ED24120089 for <dnsop@ietf.org>; Sat, 16 Nov 2019 22:20:45 -0800 (PST)
Received: from [192.168.1.161] (unknown [192.168.1.161]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 8716932F00A for <dnsop@ietf.org>; Sun, 17 Nov 2019 01:20:44 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <20191116144152.0AB3DF61257@ary.iecc.com>
Date: Sun, 17 Nov 2019 01:20:43 -0500
Content-Transfer-Encoding: 7bit
Reply-To: dnsop@ietf.org
Message-Id: <069FA704-BC4C-4777-B812-E161993F22AB@dukhovni.org>
References: <20191116144152.0AB3DF61257@ary.iecc.com>
To: dnsop@ietf.org
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/fTIj9WP3IyC2z28Ic2V09e_rZUQ>
Subject: Re: [DNSOP] RFC 8482 (the ANY -> HINFO hack) and DNAME
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Nov 2019 06:20:47 -0000

> On Nov 16, 2019, at 9:41 AM, John Levine <johnl@taugh.com> wrote:
> 
> Remember that it's invalid for an NS or MX to point to a CNAME so I assume
> it's equally invalid for them to point to a DNAME.

There's no need for NS RRs pointing the non-canonical names, the DNAMEs
are there for continuity (or to support alternative representations) of
actual application services.  That's not a real barrier to DNAME use.

And speaking of application services, the prohibition of MX pointing to
CNAME is not enforced by any MTA I'm aware, and a small, but non-negligible
fraction of domains do have MX RRs that point to CNAMEs.

In my DANE survey, out of of 8503 MX hosts, 130 (1.5%) are CNAME aliases.
None presently via DNAMEs, but Tony Finch has a DNAME redirecting TLSA
lookups:

  _tcp.hummus.csx.cam.ac.uk. IN DNAME _hummus_tcp.exim.org.

and three other domains also have DNAME-redirected _tcp subtrees.

-- 
	Viktor.