Re: [DNSOP] Minimum viable ANAME

Ray Bellis <> Tue, 06 November 2018 10:43 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 1DD58130DC9 for <>; Tue, 6 Nov 2018 02:43:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zQgWrOXFJRH6 for <>; Tue, 6 Nov 2018 02:43:00 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E723A1277C8 for <>; Tue, 6 Nov 2018 02:42:59 -0800 (PST)
Received: from ([]:63800) by ([]:465) with esmtpsa ( (TLS1.0:RSA_AES_128_CBC_SHA1:16) id 1gJyoz-0000Zf-Dj (Exim 4.72) for (return-path <>); Tue, 06 Nov 2018 10:42:57 +0000
References: <20180919201401.8E0C220051382A@ary.qy> <> <20180920061343.GA754@jurassic> <> <> <> <> <>
From: Ray Bellis <>
Message-ID: <>
Date: Tue, 6 Nov 2018 17:42:55 +0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] Minimum viable ANAME
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 06 Nov 2018 10:43:02 -0000

On 06/11/2018 17:17, Tim Wicinski wrote:
> In doing some digging through my data, I have instances which I have an 
> apex of a zone, sub zone, etc that are not HTTP but actually a dynamic 
> database endpoint.
> I also have solid number of instances where the apex is used mainly as 
> an API endpoint, that serves not HTTP web content.

I think you're expressing a similar concern to those that Wes expressed 
at the mic.

However, if there was also an HTTP endpoint on that domain apex, how 
would you distinguish it from the non-HTTP one?   Clients don't connect 
to "hosts", they connect to "services" on those hosts.

Recalling Mark's message from last night which indirectly referenced RFC 

> People ... want a pointer to a server for a service at the apex.
> CNAME provided a pointer to a server when the prefix was www. 
> This can be done a number of ways.
> 1) Prefix  + name in rdata.
> 2) Service specific type + name in rdata > 3) Generic type + service and name in rdata.

#1 is what SRV does, but HTTP has issues with that
#2 is what my proposed HTTP record does
#3 is what SPF etc uses - TXT records with a prefix in the RDATA

These methods are not mutually exclusive - a prefixed SRV record can 
co-exist with an SPF TXT record and an HTTP (or other record) all at the 
same point in the DNS.

Turning my proposal into a supposedly "future proof" RR type as was 
suggested yesterday that covers non-HTTP "future services" won't work 
unless it uses a service prefix (#1) or something else in the RDATA 
(subtyping, #3) to identify the service.