Re: [DNSOP] Minimum viable ANAME

Matthijs Mekking <matthijs@pletterpet.nl> Tue, 06 November 2018 12:38 UTC



On 06-11-18 12:39, Ray Bellis wrote:
> 
> 
> On 06/11/2018 17:58, Matthijs Mekking wrote:
> 
>> That's the crux: A solution that depends on upgrading the resolvers is 
>> considered not a (fast enough) deployable solution.
> 
> The HTTP record does not depend on resolvers being upgraded.   If the 
> browser vendors implement the client side, it's not required.

But DNS providers like to solve the CNAME-at-the-apex problem within the 
DNS protocol.

> Once they do fully implement it by serving the A and AAAA records from 
> cache, then it'll be fast, too.
> 
>> That's why I like ANAME: It allows you to do CNAME-at-the-APEX 
>> processing without requiring resolvers to be updated, however 
>> resolvers can implement ANAME to optimize the behavior.
>>
>> Also the ANAME in its current form does not require (but also does not 
>> prevent) the resolution to take place inside the name server, it can 
>> be a simple script that is part of your zone provisioning.
> 
> I think Tony Finch was suggesting that you could also do that with "HTTP".

Okay, I missed that. If HTTP can do that too, then the approach is very 
similar to ANAME except for the name. Why have both then? Also the name 
HTTP suggests the record is only applicable to the web.


Matthijs


> 
> Ray
> 