[DNSOP] Re: [EXTERNAL] Re: Advice sought: DNS record type for FedCM well-known file delegation

Will Bartlett <wibartle@microsoft.com> Thu, 09 April 2026 01:20 UTC

From: Will Bartlett <wibartle@microsoft.com>
To: John Levine <johnl@ietf.email>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Thu, 09 Apr 2026 01:19:48 +0000
Subject: [DNSOP] Re: [EXTERNAL] Re: Advice sought: DNS record type for FedCM well-known file delegation
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mewqrvQu_pP-MYzjJlLnW_3C17Q>

Missed the 404 remark here. Fixed link is: https://w3c-fedid.github.io/FedCM/.

________________________________
From: John Levine <johnl@ietf.email>
Sent: Wednesday, April 8, 2026 12:42 PM
To: dnsop@ietf.org <dnsop@ietf.org>
Cc: Will Bartlett <wibartle@microsoft.com>
Subject: [EXTERNAL] Re: [DNSOP] Advice sought: DNS record type for FedCM well-known file delegation

Keeping in mind that I am unpersuaded there is anything for DNSOP to do here.

It appears that Will Bartlett  <wibartle@microsoft.com> said:
>  1.
>Is SVCB appropriate here? We're not doing service binding in the traditional sense (ALPN negotiation, ECH, etc.) - we'd either be
>using TargetName purely for delegation (Option B) or embedding application-layer metadata in custom SvcParams (Option A). Is this a
>reasonable use of SVCB, or a misuse of the record type?

Given that this problem is basically due to the limited capabilities of people running corporate web servers,
it would not be a good idea to assume their DNS department can handle SVCB.

>TXT vs SVCB pragmatics. TXT at an underscore-prefixed name (à la DMARC _dmarc, MTA-STS _mta-sts) is universally supported by
>registrars today. SVCB support is still limited. Given that a goal is broad deployability (including small organizations managing
>DNS through commodity registrars), does the group have a view on whether new protocols should prefer SVCB over TXT for simple
>delegation, or is TXT still the practical choice?

An underscore prefixed TXT record is probably the least bad option here.

>  3.
>Naming convention. Is _web-identity.<domain> an appropriate underscore name? Any conflicts or conventions we should be aware of?
>Should we register in the Underscored and Globally Scoped DNS Node Names registry (RFC 8552)?

It takes five minutes and costs nothing once you have a reference you can point to, so sure.

>  4.
>Embedding data in DNS vs delegation. Option A puts application data (URL paths) directly in DNS records, avoiding an HTTP fetch. Is
>there precedent or guidance for/against this pattern? We're aware of the 65535-byte practical limit on DNS responses, but the data
>here is small (two short paths).

My inclination would be just to put the hostname into the record so you don't have to worry about encoding the funky
characters that might be in a URL.  You need a fixed known prefix on the record contents so lookups don't get confused
by domains that wildcard everything, e.g.

_web-identity.examp1e.com TXT "webident;idp.example.com"

R's,
John

PS:
>  *   Spec: https://fedidcg.github.io/FedCM/

404 when I try to look at it
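
Added example, not part of either message or of any FedCM specification: a sketch of how a client could pick the delegation target out of a TXT answer at the underscore name, using the fixed prefix to skip unrelated strings that a wildcarding domain returns. The `webident;` tag and `_web-identity` label come from the thread; the function names, the sample answers, and the policy of rejecting conflicting or malformed tagged records are assumptions.

```python
from __future__ import annotations
import re

PREFIX = "webident;"      # fixed tag, taken from the example record in the thread
NODE = "_web-identity"    # underscore label proposed in the thread

# One LDH label: letters, digits, hyphen; no leading/trailing hyphen; 1-63 octets.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def query_name(domain: str) -> str:
    """Name a client would query for a given relying-party domain."""
    return f"{NODE}.{domain.rstrip('.').lower()}"


def valid_hostname(host: str) -> bool:
    """True for a plain multi-label hostname; rejects URLs, paths and ports."""
    host = host.rstrip(".").lower()
    labels = host.split(".")
    return (len(host) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))


def select_delegate(txt_rdata: list[str]) -> str | None:
    """Return the delegated hostname, or None if no usable record exists.

    txt_rdata holds the already-concatenated string of each TXT record in
    the answer. Strings without the fixed prefix are ignored. A malformed
    tagged record, or more than one distinct target, fails closed
    (assumed policy, not something the thread specifies).
    """
    targets = set()
    for rdata in txt_rdata:
        if not rdata.startswith(PREFIX):
            continue                  # wildcard or unrelated TXT data
        host = rdata[len(PREFIX):].strip().rstrip(".").lower()
        if not valid_hostname(host):
            return None               # tagged but not a hostname
        targets.add(host)
    return targets.pop() if len(targets) == 1 else None


# Constructed sample answers (not from the thread).
WILDCARD_ONLY = ["v=spf1 -all", "some-site-verification=abc123"]
DELEGATED = ["v=spf1 -all", "webident;idp.example.com"]
CONFLICT = ["webident;idp.example.com", "webident;other.example.net"]
BAD_TARGET = ["webident;https://idp.example.com/path"]
```
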