Re: [DNSOP] Any website publishers who use CDNs on the list?

Evan Hunt <> Fri, 02 November 2018 21:41 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 29B4512EB11 for <>; Fri, 2 Nov 2018 14:41:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zd7O7ERYXMia for <>; Fri, 2 Nov 2018 14:41:15 -0700 (PDT)
Received: from ( [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 52EBA128CF2 for <>; Fri, 2 Nov 2018 14:41:15 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 072CD3AB99C; Fri, 2 Nov 2018 21:41:15 +0000 (UTC)
Received: by (Postfix, from userid 10292) id E2EAD216C1C; Fri, 2 Nov 2018 21:41:14 +0000 (UTC)
Date: Fri, 02 Nov 2018 21:41:14 +0000
From: Evan Hunt <>
To: Måns Nilsson <>
Cc: Dan York <>, " WG" <>
Message-ID: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <>
Subject: Re: [DNSOP] Any website publishers who use CDNs on the list?
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 02 Nov 2018 21:41:17 -0000

On Fri, Nov 02, 2018 at 10:16:25PM +0100, Måns Nilsson wrote:
> At the risk of sounding like a repetitive bore, what is actually needed
> is a way to say "for that domain name, apex or not, https[1] services are
> over there ---->". Without messing up the entire node in the tree and
> causing special processing in every name server and full service
> resolver. And without stomping the other interesting protocols that
> might like a RR on the node to be found.
> The entire effect that ANAME is supposed to have is achieved easier 
> by publishing URI records. And by getting web browsers to ask for URI
> first.

Speaking as a co-author of ANAME, I agree about this. URI, SRV, a proposed
new HTTP RRtype, whatever - service lookup is absolutely the correct way to
accomplish this goal.

However, browser vendors are *not doing that*, and I've given up hope that
they ever will. Trying to out-stubborn them has been ineffective.

So vendors muck around in DNS software to solve what ought to be a
non-problem, ending up with mutually-incompatible, protocol-violating
bodges - apex CNAME, ALIAS, etc.  ANAME is an effort to unify these
various approaches into a standards-compliant, portable bodge.

Elegant it isn't, but if we don't standardize ANAME, the existing bodges
will persist.  Browser vendors want the DNS to give them addresses, and
only addresses.

If you can get them to change their minds, though, I wish you all success.

Evan Hunt --
Internet Systems Consortium, Inc.