[DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME
Brian Dickson <brian.peter.dickson@gmail.com> Thu, 08 November 2018 02:31 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E120D130E07 for <dnsop@ietfa.amsl.com>; Wed, 7 Nov 2018 18:31:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTaqbkGKmsjS for <dnsop@ietfa.amsl.com>; Wed, 7 Nov 2018 18:30:58 -0800 (PST)
Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6CEC4130DE9 for <dnsop@ietf.org>; Wed, 7 Nov 2018 18:30:58 -0800 (PST)
Received: by mail-vs1-xe36.google.com with SMTP id x1so4374428vsc.10 for <dnsop@ietf.org>; Wed, 07 Nov 2018 18:30:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=I3Nam/jVLnd4XO7b8nxOWyV3GRySRF4wPJ2yvSy1qso=; b=IGo2dBRf2QCMln8kx/a+Uy9n9csjhs+OvXMc9yZKqkXO+n4i5FghxuedbY0SNj3GPS jUt1e9MWWfZ6L+tu/6aJiEN1KLxCRq702tTA7rI5x7UON82Q4sRf+1K76VDw6FeO/hx4 KROS20c4w7eaUltyRihv9fnYfXroA+iS19U0XAnPnXCc07IhRJOEMscj6Y/tH56g1xri QtMLFuKedfgnFEAmNV3dbbe53P73jO0FrdacMj4uzu+EsmFQM7TqmM523KFOUpYf7BZo fO1k1+GumNubB8AuS8ipfMh1t5XIhb1wkkfxvO/fm2iljEOh7PWqotUNzZsUryeHOD0R F73w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=I3Nam/jVLnd4XO7b8nxOWyV3GRySRF4wPJ2yvSy1qso=; b=bZOIV/ga0pSaLJByFJ/EtW8Sh1IycTJ8XHI+AwCt/WED01PSYDXdgnZCT6JpQDkGBH CWozhitbEh3T2jBj39WtdcuFaT72Br31v4eR5PNLk8wjGaS5pN3D2ACmzfF9P/VnQvtg AMGRBvaBEMIyYdriXx4aR4To4T+c34oZ1lIcdP9joAMcrhFCXpuLk9vjNP4pvJiTzEeV FkklRHO3zWRRPyZ51nMTouTk9f41YIzdK9KJGvhZB+TGjnA8YF3pqMqovUzEGZi93NYC MN/3yLQcLi9A53meIta1fMzT3NPpiK9K/jlwBRi2zNLIEDhjmIpdsV7zemUNQAhFsSSA yI1g==
X-Gm-Message-State: AGRZ1gJm25l+ph9+AHP0dVWfmeEE+bJZl7fBgX9pMsTXeVdotrayUqBT TkhL2ZHcT6x039/xWp0PM9V3C3UwiyAId4AS3HbdYBv1q8E=
X-Google-Smtp-Source: AJdET5ehvq+gB1ILuZI5z2V85g8s7vIZt37rSIAFRqWMkacZR1e2yNyB8fno/IHlrhX8WNVJ/vdkmgyQthC+B2Wkt74=
X-Received: by 2002:a67:7b0a:: with SMTP id w10mr1173345vsc.5.1541644257188; Wed, 07 Nov 2018 18:30:57 -0800 (PST)
MIME-Version: 1.0
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 08 Nov 2018 09:30:44 +0700
Message-ID: <CAH1iCirLfSEUcTf=p5bHuFJSFie_BoPh4X=89w2mpxgNpR9HkA@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000051e33f057a1e0694"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/lC2ZW0lwME-RrvkpntRpJzWrLuc>
Subject: [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 02:31:01 -0000
I'm going to start a clean, related thread, to discuss a bunch of questions, that I think can help with the ongoing threads. Rationale: I think many of the viewpoints some folks have are skewed by pre-existing familiarity with the protocol, and implementations (including browsers, libraries, stubs, forwarders, resolvers, and authorities, plus "specials"). What we may be forgetting are the USERS of these systems, and the use cases. These matter both in terms of their diversity in their technical savvy, but also in terms of their respective numbers. We can sometimes forget that registered domains (the entry point right below the 'public suffix' level in the domain name system) number in the 100s of millions, and the user base is global. Starting right from that point, it's safe to say that the vast majority of registrants are not operating their own authority servers and editing zone files. This means that they are doing something else, and they are not all doing one single "something else", either; it is a mixed bag with no dominant "pie slice". Why not SRV? There are a number of reasons that SRV is not in widespread use, that have to do with the mixed bag of ways those 100s of millions of registrants operate their domains. Even if registrants use systems that expose SRV to them to configure, as an RRtype, the other parts of SRV are not at all novice-friendly. From the wikipedia page: _service._proto.name. TTL class SRV priority weight port target This isn't at all friendly. The alternative is to put all of the above into some kind of UI. But again, this puts several more roadblocks on uptake *by users*. Regardless of the interface, the values need to be supplied, and the input needs to be validated, with the ability for the user to understand error messages and fix the input. There is no short cut for understanding the values, and knowing about _service and _proto. If the user doesn't get it right the first time, they are very likely to give up, since there are so many variables. For HTTP as a use case, it is far too complex. In other words, SRV is really only suitable for a tiny fraction of the registrants. For them, there's still a learning curve, but they have a need that only SRV can fill, and an incentive to do so. Those are typically enterprises, large institutions, entities with actual IT staff. Yes, resolvers and authority software do SRV already, that isn't the point. If you are an SRV proponent, here's my recommendation: Find someone you are acquainted with, who doesn't have any DNS familiarity, show them CNAME and SRV, and ask them for their opinions. Please. Why is CNAME so abundantly used? If we look at CNAME, it is much simpler, and probably one of the first things anyone doing DNS every plays with. (But even then, it isn't completely trivial, given the trailing dot problem that pretty much everyone gets wrong at some point in their DNS career.) Even for a novice: there is only one "variable", and lots of information and advice on CNAMEs can be found online. The learning curve is gentle and short. Why not CNAME? The secondary issue with CNAME isn't just the apex issue, it is the non-coexistence issue (of which apex is merely the poster child). Why a new RRtype? Here's the TL;DR: on these issues, IMNSHO: browser vendors won't do stuff that isn't really in widespread use, even if it is possibly easy to implement. SRV isn't ever going to be truly widespread, as a percentage of domains. We want a solution that is easy to deploy, easy to understand, easy to use, SOLVES THE COEXISTENCE PROBLEM, and doesn't change the primary rules on "stupid DNS tricks", i.e. that the tricks are client-oriented by way of the resolver (or possibly client-subnet). This leads to the only logical outcome that is implementable, doesn't require more than five minutes for any user to understand, doesn't require (but supports optional) changes to resolvers, doesn't require any change to authority serving beyond new RRtype(s), and thus can/will get brower support (simply by the numbers): HTTP. Why should HTTP be so simple? Because it is simple to use. It looks just like a CNAME. It can chain with CNAMEs and DNAMEs. It works with stupid DNS tricks. It gets the job done. It is a common denominator. That is a feature, not a bug. Why service-specific? As Ray points out, MX is already there as a service-specic RRtype. Other service-specific RRtypes may be needed, and new RRtypes are easy to get now. (Perhaps we can anticipate what some of those are, and include those in the draft?) Brian
- [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs… Brian Dickson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… p vixie
- Re: [DNSOP] [Ext] Root reasons (aka "why") - HTTP… Paul Hoffman
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Dan York
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Brian Dickson
- Re: [DNSOP] [Ext] Root reasons (aka "why") - HTTP… Paul Vixie
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Dan York
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Ray Bellis
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Brian Dickson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Mark Andrews
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Måns Nilsson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Tony Finch
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Mark Andrews
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Tony Finch
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Ray Bellis
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Paul Vixie
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Ray Bellis
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Brian Dickson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Brian Dickson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Paul Vixie
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Brian Dickson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Matthijs Mekking
- [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs… Patrik Fältström
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Måns Nilsson
- Re: [DNSOP] Root reasons (aka "why") - HTTP vs SR… Tony Finch