Re: [DNSOP] What should ANAME-aware servers do when target records are verifiably missing?

[Bob Harold <rharolde@umich.edu>]

On Tue, Apr 9, 2019 at 1:56 PM Richard Gibson <richard.j.gibson@oracle.com>
wrote:

> Copied from https://github.com/each/draft-aname/issues/54 per Tony Finch.
>
> The current draft specifies
>
> > We treat missing address records (i.e. NXDOMAIN or NODATA) the same
> > successfully resolving as a set of zero address records, and distinct
> > from "failure" which covers error responses such as SERVFAIL or REFUSED.
>
> This is both undesirable for customers of DNS service providers (whose
> active sites will occasionally be inaccessible to some clients for
> $SOA_MINIMUM seconds), and operationally cumbersome because resolvers
> are not in a good position to synthesize the necessary SOA records for
> NXDOMAIN responses (e.g., example.com. ANAME example.invalid. alongside
> example.com. A 192.0.2.1). Tony suggested that this was to be "as much
> like CNAME as possible", but I disagree because unlike CNAME, ANAME can
> have sibling records which are therefore available for use.
>

If it gets an authoritative answer saying that there are no address
records, then it should respect that answer.  If that is incorrect, then
whatever gave that answer is broken or misconfigured and should be fixed.

Perhaps I am missing something.  In what cases can you imagine getting a
response with no errors and no records?

Perhaps a load balancer that has probed all the servers and determined that
none are working?  If you want a fall-back, it should be configured in the
load balancer in that case.

-- 
Bob Harold