Re: [DNSOP] new ANAME draft: draft-hunt-dnsop-aname-00.txt

神明達哉 <jinmei@wide.ad.jp> Thu, 20 April 2017 18:13 UTC

In-Reply-To: <alpine.DEB.2.11.1704181339350.4393@grey.csi.cam.ac.uk>
References: <20170407181139.GB66383@isc.org> <CAJE_bqd03qfTs+9gXbwJJp5TJOiJG+mUDp8CxFfwmBWRq+2aOg@mail.gmail.com> <alpine.DEB.2.11.1704181339350.4393@grey.csi.cam.ac.uk>
From: 神明達哉 <jinmei@wide.ad.jp>
Date: Thu, 20 Apr 2017 11:13:54 -0700
Message-ID: <CAJE_bqeg1BmDXMoJuHa=OQ1GaMSvLM6B5fpeyoBsrDgGRSEBDQ@mail.gmail.com>
To: Tony Finch <dot@dotat.at>
Cc: Evan Hunt <each@isc.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/pVMepFKOMO2_mcqAjQovav6lMn4>

At Tue, 18 Apr 2017 13:54:54 +0100,
Tony Finch <dot@dotat.at> wrote:

> > I also wonder whether it's okay to allow 'AAAA or A' and ANAME to
> > coexist for the same owner name.  Shouldn't it be prohibited, similar
> > to how CNAME and other types can't coexist?
>
> From the point of view of a provisioning-side implementation of ANAME, the
> A and AAAA records are pre-populated answers from the target name.

As long as those records are generated from the target name, that would
probably be okay.  But the current draft doesn't seem to enforce it,
and (probably unintentionally/implicitly) allows the following setup:

aaaa.example.com. ANAME aaaa.example.net.
aaaa.example.com. AAAA 2001:db8::aaaa ; not populated from ANAME target
aaaa.example.net. AAAA 2001:db8::bbbb

This looks more like a prohibited "CNAME + other AAAA for the same
name" situation to me.

--
JINMEI, Tatuya
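As an added illustration (example code written for this archive page, not part of the original message, the draft, or any ANAME implementation), the following checker parses the three records above and flags an ANAME owner whose sibling A/AAAA set differs from the target's address set, or whose target is not available in the zone data at all, which is the "CNAME + other data" situation the message describes. The zone text and the extra `ok.example.com.` owner are constructed sample input.

```python
"""Flag ANAME owners whose sibling A/AAAA records are not the target's addresses."""
from collections import defaultdict

ADDRESS_TYPES = ("A", "AAAA")


def parse_zone(text):
    """Parse minimal presentation format: 'owner TYPE rdata ; comment'.
    Returns {owner: {type: set(rdata)}} with owner names lower-cased."""
    records = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        records[owner.lower()][rtype.upper()].add(rdata.strip())
    return records


def check_aname_coexistence(records):
    """Return (owner, type, problem) tuples for every ANAME owner that also
    carries A/AAAA data that cannot be shown to come from the ANAME target."""
    findings = []
    for owner, rrsets in records.items():
        if "ANAME" not in rrsets:
            continue
        if len(rrsets["ANAME"]) != 1:
            findings.append((owner, "ANAME", "more than one ANAME at this owner"))
            continue
        target = next(iter(rrsets["ANAME"])).lower()
        target_rrsets = records.get(target)
        for rtype in ADDRESS_TYPES:
            if rtype not in rrsets:
                continue
            if target_rrsets is None:
                # Target is out-of-zone or absent: nothing to compare against,
                # so the sibling data cannot be verified as pre-populated.
                findings.append((owner, rtype, f"target {target} not in zone data"))
            elif rrsets[rtype] != target_rrsets.get(rtype, set()):
                findings.append((owner, rtype, f"does not match {target} {rtype} set"))
    return findings


# Constructed sample zone: the message's three records plus a consistent owner.
ZONE = """\
aaaa.example.com. ANAME aaaa.example.net.
aaaa.example.com. AAAA 2001:db8::aaaa ; not populated from ANAME target
aaaa.example.net. AAAA 2001:db8::bbbb
ok.example.com.   ANAME aaaa.example.net.
ok.example.com.   AAAA 2001:db8::bbbb ; same as target, acceptable
"""

if __name__ == "__main__":
    for finding in check_aname_coexistence(parse_zone(ZONE)):
        print(finding)
```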