Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01

Mark Andrews <marka@isc.org> Wed, 05 August 2020 21:00 UTC

From: Mark Andrews <marka@isc.org>
In-Reply-To: <00cfd965-bf69-d1cb-2df3-1a9bb110d7e0@powerdns.com>
Date: Thu, 6 Aug 2020 07:00:28 +1000
Cc: dnsop@ietf.org
Message-Id: <5046F915-9BD9-4FA8-9048-2A387C59DC0E@isc.org>
References: <00cfd965-bf69-d1cb-2df3-1a9bb110d7e0@powerdns.com>
To: Pieter Lexis <pieter.lexis@powerdns.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/hmhqHhwbtFAFxe_KENZYB6cywmI>
Subject: Re: [DNSOP] Alias mode processing in auths for draft-ietf-dnsop-svcb-https-01


> On 6 Aug 2020, at 02:05, Pieter Lexis <pieter.lexis@powerdns.com> wrote:
> 
> Hi folks,
> 
> Section 2.4.1 says
> 
> ```
> The primary purpose of AliasMode is to allow aliasing at the zone apex,
> where CNAME is not allowed. In AliasMode, TargetName MUST be the name of
> a domain that has SVCB, AAAA, or A records.
> ```
> 
> and section 4.1 says
> 
> ```
> When replying to a SVCB query, authoritative DNS servers SHOULD return
> A, AAAA, and SVCB records in the Additional Section for any in-bailiwick
> TargetNames.
> ```
> 
> Does this mean that the processing differs from 'regular' in-zone CNAME
> processing? Where I define this processing as "look for the Target name
> with the type from the query and use that result's status as query result".
> 
> Considering this zone (abbreviated):
> 
> ```
> svcb-alias.example.net SVCB 0 alias-target.example.net
> alias-target.example.net A 192.0.2.1
> ```
> 
> What would be the correct response to a svcb-alias.example.net|SVCB query?
> 
> ```
> ;; QUESTION SECTION:
> ;svcb-alias.example.net.		IN	SVCB
> 
> ;; ANSWER SECTION:
> svcb-alias.example.net.	3600	IN	SVCB	0 alias-target.example.net
> example.net.	IN	SOA	3600	[....]
> 
> ;; ADDITIONAL SECTION:
> alias-target.example.net. 3600	IN	A	192.0.2.1
> 
> ```
> 
> or
> 
> 
> ```
> ;; QUESTION SECTION:
> ;svcb-alias.example.net.		IN	SVCB
> 
> ;; ANSWER SECTION:
> svcb-alias.example.net.	3600	IN	SVCB	0 alias-target.example.net
> 
> ;; ADDITIONAL SECTION:
> alias-target.example.net. 3600	IN	A	192.0.2.1
> 
> ```

The second.

> With the former, implementers would be able to reuse the existing
> aliasing code paths. With the latter, changes will have to be made to
> the codepath as the AliasMode is not a 'true' alias as CNAME is.

It isn’t an ALIAS.  It's a bad description that is the result of HTTP mis-using the CNAME record for the last 20 odd years.  HTTP has always needed a "server for" record like MX or SRV.  We just haven’t been able to get http developers invested in the idea until now.

> In the same vein, what happens in a zone like this (with the same
> incoming query for svcb-alias.example.net|SVCB):
> 
> ```
> svcb-alias.example.net SVCB 0 alias-target1.example.net
> alias-target1.example.net SVCB 0 alias-target2.example.net
> alias-target2.example.net SVCB 1 . ipv4hint=192.0.2.1
> 
> alias-target2.example.net A 192.0.2.1
> ```
> 
> Do *both* alias-target{1,2}.example.net|SVCB records end up in the
> ADDITIONAL section? Or are they (as is the case with an in-zone CNAME)
> considered an answer and should they go into the ANSWER section?

They go in the additional section.

> I find the alias mode semantics (on the DNS-level) unclear and
> under-specified in the draft. I look forward to guidance from the authors.
> 
> Best regards,
> 
> Pieter
> 
> -- 
> Pieter Lexis
> PowerDNS.COM BV -- https://www.powerdns.com
> 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
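The response assembly Mark describes (the queried SVCB RRset in ANSWER, and the A, AAAA and SVCB records of every in-bailiwick TargetName, including chained AliasMode SVCB records, in ADDITIONAL), as an added Python sketch that is not part of this thread and not code from the draft, BIND or PowerDNS. The zone data is constructed from Pieter's second example. The chain bound MAX_ALIAS_CHAIN, the already-seen check and the skipping of a "." TargetName are my own defensive assumptions for a server following alias chains, not text from the draft.

```python
"""Added illustration for the svcb/https AliasMode thread: build the ANSWER and
ADDITIONAL sections for an SVCB query the way Mark's reply describes.  Not the
draft's, BIND's or PowerDNS's code; the zone below is constructed from Pieter's
second example zone."""

from dataclasses import dataclass

# Assumed bound on how many alias hops an authoritative server follows, so a
# misconfigured alias loop or a very long chain cannot make it spin.
MAX_ALIAS_CHAIN = 8


@dataclass(frozen=True)
class RR:
    name: str
    rtype: str
    ttl: int
    rdata: str


# Constructed zone data (Pieter's second example, abbreviated).
ZONE_ORIGIN = "example.net."
ZONE = [
    RR("svcb-alias.example.net.", "SVCB", 3600, "0 alias-target1.example.net."),
    RR("alias-target1.example.net.", "SVCB", 3600, "0 alias-target2.example.net."),
    RR("alias-target2.example.net.", "SVCB", 3600, "1 . ipv4hint=192.0.2.1"),
    RR("alias-target2.example.net.", "A", 3600, "192.0.2.1"),
]

# Constructed zone with an alias loop, to show the defensive checks.
ZONE_LOOP = [
    RR("a.example.net.", "SVCB", 3600, "0 b.example.net."),
    RR("b.example.net.", "SVCB", 3600, "0 a.example.net."),
]


def lookup(zone, name, rtype):
    """All records in the zone with the given owner name and type."""
    return [rr for rr in zone if rr.name == name and rr.rtype == rtype]


def in_bailiwick(name, origin):
    """True if name is the zone origin or lies below it."""
    return name == origin or name.endswith("." + origin)


def alias_target(rr):
    """TargetName of an AliasMode (SvcPriority 0) SVCB record, else None."""
    fields = rr.rdata.split()
    if rr.rtype != "SVCB" or fields[0] != "0":
        return None
    return fields[1]


def answer_svcb(zone, origin, qname):
    """Assemble ANSWER and ADDITIONAL for <qname> SVCB.

    The SVCB RRset at qname is the answer.  Each AliasMode record's target,
    when in-bailiwick, contributes its SVCB, AAAA and A records to ADDITIONAL,
    and its SVCB records are followed in turn (chained aliases).  Nothing from
    the chain is promoted into ANSWER, unlike in-zone CNAME processing.
    """
    answer = lookup(zone, qname, "SVCB")
    additional = []
    seen = {qname}          # assumed: never revisit a name (loop protection)
    frontier = list(answer)
    hops = 0
    while frontier and hops < MAX_ALIAS_CHAIN:
        hops += 1
        next_frontier = []
        for rr in frontier:
            target = alias_target(rr)
            # "." is skipped as an assumption here: there is no owner to look up.
            if target is None or target == "." or target in seen:
                continue
            if not in_bailiwick(target, origin):
                continue    # out-of-zone: the resolver must chase it itself
            seen.add(target)
            for rtype in ("SVCB", "AAAA", "A"):
                recs = lookup(zone, target, rtype)
                additional.extend(recs)
                if rtype == "SVCB":
                    next_frontier.extend(recs)
        frontier = next_frontier
    return {"answer": answer, "additional": additional}


def render(qname, resp):
    """dig-style rendering of the assembled sections."""
    fmt = lambda rr: f"{rr.name}\t{rr.ttl}\tIN\t{rr.rtype}\t{rr.rdata}"
    lines = [";; QUESTION SECTION:", f";{qname}\t\tIN\tSVCB", "", ";; ANSWER SECTION:"]
    lines += [fmt(rr) for rr in resp["answer"]]
    lines += ["", ";; ADDITIONAL SECTION:"]
    lines += [fmt(rr) for rr in resp["additional"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render("svcb-alias.example.net.", answer_svcb(ZONE, ZONE_ORIGIN, "svcb-alias.example.net.")))
```

Run as a script it prints the second of Pieter's two candidate responses, extended with both alias-target SVCB records and the A record in ADDITIONAL; the ZONE_LOOP data shows that the seen-set stops an a -> b -> a alias loop after one hop.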