Re: [DNSOP] RFC 8482 (the ANY -> HINFO hack) and DNAME

Mark Andrews <marka@isc.org> Mon, 18 November 2019 01:35 UTC

From: Mark Andrews <marka@isc.org>
Date: Mon, 18 Nov 2019 12:35:48 +1100
References: <20191116144152.0AB3DF61257@ary.iecc.com> <069FA704-BC4C-4777-B812-E161993F22AB@dukhovni.org>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <069FA704-BC4C-4777-B812-E161993F22AB@dukhovni.org>
Message-Id: <A3FED43A-8C8B-432D-A1D1-6710B07643D0@isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mdJn7YPmVrkRNIwDZ4bfjuOj2Ic>
Subject: Re: [DNSOP] RFC 8482 (the ANY -> HINFO hack) and DNAME


> On 17 Nov 2019, at 17:20, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
>> On Nov 16, 2019, at 9:41 AM, John Levine <johnl@taugh.com> wrote:
>> 
>> Remember that it's invalid for an NS or MX to point to a CNAME so I assume
>> it's equally invalid for them to point to a DNAME.
> 
> There's no need for NS RRs pointing at the non-canonical names; the DNAMEs
> are there for continuity (or to support alternative representations) of
> actual application services.  That's not a real barrier to DNAME use.
> 
> And speaking of application services, the prohibition of MX pointing to
> CNAME is not enforced by any MTA I'm aware of, and a small, but non-negligible,
> fraction of domains do have MX RRs that point to CNAMEs.

Just because broken configurations don’t always cause problems doesn’t mean
that they don’t sometimes.  MTAs need to know what names they are known
by to properly remove MX records from consideration when performing store and
forward.  Email forwarding loops still occur.

> In my DANE survey, out of 8503 MX hosts, 130 (1.5%) are CNAME aliases.
> None presently via DNAMEs, but Tony Finch has a DNAME redirecting TLSA
> lookups:
> 
>  _tcp.hummus.csx.cam.ac.uk. IN DNAME _hummus_tcp.exim.org.
> 
> and three other domains also have DNAME-redirected _tcp subtrees.
> 
> -- 
> 	Viktor.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
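The mechanism behind the forwarding-loop remark above is the MX pruning rule of RFC 5321 section 5.1: an MTA must find the MX record that names itself and discard it together with every less-preferred MX. If the MX target is a CNAME (or sits under a DNAME) and the MTA only knows its canonical name, the comparison never matches and the MTA relays the message to itself. The following Python is an added example and is not code from this thread or from any MTA; it models both the CNAME case from Mark's reply and the DNAME substitution from the record Viktor quotes. The zone, the example.org/example.net host names, the addresses and the TLSA rdata are all constructed placeholders.

```python
"""RFC 5321 section 5.1 MX pruning against aliased MX targets.

Added example, not code from the thread. The zone below is constructed:
the example.org / example.net names, addresses and TLSA rdata are
placeholders standing in for the real records discussed above.
"""
from typing import Dict, List, Optional, Set, Tuple

# Constructed zone data: owner name -> list of (rrtype, rdata). Names are
# fully qualified, written without the trailing dot.
ZONE: Dict[str, List[Tuple[str, object]]] = {
    "example.org": [("MX", (10, "mx.example.org")),
                    ("MX", (20, "backup.example.org")),
                    ("MX", (30, "relay.example.net"))],
    # The "broken" configuration: the MX target is a CNAME alias.
    "mx.example.org": [("CNAME", "mail.example.org")],
    "mail.example.org": [("A", "192.0.2.25")],
    "backup.example.org": [("A", "192.0.2.26")],
    "relay.example.net": [("A", "198.51.100.25")],
    # A DNAME redirecting a _tcp subtree, shaped like the record quoted above.
    "_tcp.svc.example.org": [("DNAME", "_svc_tcp.example.net")],
    "_25._svc_tcp.example.net": [("TLSA", "3 1 1 0123abcd")],  # placeholder rdata
}


def dname_substitute(qname: str, owner: str, target: str) -> Optional[str]:
    """RFC 6672 section 2.2: for a name strictly below the DNAME owner,
    replace the owner suffix with the DNAME target. Returns None when the
    DNAME does not apply to qname (including qname == owner)."""
    suffix = "." + owner
    if qname.endswith(suffix):
        return qname[: -len(suffix)] + "." + target
    return None


def _dname_rewrite(name: str, zone) -> Optional[str]:
    """Return name rewritten by the first applicable DNAME in zone, else None."""
    for owner, rrs in zone.items():
        for rrtype, target in rrs:
            if rrtype == "DNAME":
                rewritten = dname_substitute(name, owner, target)
                if rewritten is not None:
                    return rewritten
    return None


def canonicalize(name: str, zone=ZONE, max_hops: int = 8) -> str:
    """Follow CNAME and DNAME redirections until a non-alias name is reached."""
    for _ in range(max_hops):
        cnames = [rdata for rrtype, rdata in zone.get(name, []) if rrtype == "CNAME"]
        if cnames:
            name = cnames[0]
            continue
        rewritten = _dname_rewrite(name, zone)
        if rewritten is not None:
            name = rewritten
            continue
        return name
    raise RuntimeError("alias chain too long at " + name)


def usable_mx(domain: str, my_names: Set[str], zone=ZONE,
              canonicalize_targets: bool = False) -> List[str]:
    """Apply the RFC 5321 section 5.1 rule: if one of the MX targets is this
    host, drop that MX and every MX with an equal or greater (less preferred)
    preference value. Targets are compared to my_names as written unless
    canonicalize_targets asks for CNAME/DNAME resolution first."""
    mxs = sorted(rdata for rrtype, rdata in zone.get(domain, []) if rrtype == "MX")
    ident = (lambda t: canonicalize(t, zone)) if canonicalize_targets else (lambda t: t)
    self_prefs = [pref for pref, target in mxs if ident(target) in my_names]
    if not self_prefs:
        return [target for _, target in mxs]      # not an MX for domain: relay to all
    cutoff = min(self_prefs)
    return [target for pref, target in mxs if pref < cutoff]


def relays_to_self(domain: str, my_names: Set[str], zone=ZONE,
                   canonicalize_targets: bool = False) -> bool:
    """True if the pruned MX list still contains a host that is really us,
    i.e. the MTA would hand the message back to itself (a forwarding loop)."""
    return any(canonicalize(target, zone) in my_names
               for target in usable_mx(domain, my_names, zone, canonicalize_targets))


if __name__ == "__main__":
    me = {"mail.example.org"}            # the MTA knows only its canonical name
    print(usable_mx("example.org", me))                            # mx.example.org is still listed: loop
    print(relays_to_self("example.org", me))                       # True
    print(usable_mx("example.org", me, canonicalize_targets=True))  # []
    print(usable_mx("example.org", {"backup.example.org"}))        # ['mx.example.org']
    print(canonicalize("_25._tcp.svc.example.org"))                # _25._svc_tcp.example.net
```

The first call shows the failure Mark describes: mail.example.org does not recognise mx.example.org as itself, keeps it in the candidate list, and would relay the message back to its own port 25. Either fix works: list the alias among the names the MTA is known by (`{"mail.example.org", "mx.example.org"}`) or resolve each MX target through CNAME/DNAME before comparing (`canonicalize_targets=True`). The last call applies the same substitution to a `_25._tcp` TLSA owner under the DNAME, which is what a DANE client has to do for the redirected `_tcp` subtrees Viktor mentions.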