Re: [DNSOP] Root reasons (aka "why")

> On 9 Nov 2018, at 5:27 am, Tony Finch <dot@dotat.at> wrote:
> 
> Ray Bellis <ray@bellis.me.uk> wrote:
>> On 08/11/2018 11:47, Dan York wrote:
>> 
>>> For that reason, wouldn't all the resolvers (or at least an extremely high
>>> %) need to be upgraded to support the new record?
>> 
>> They don't _have_ to be, but performance is improved when they are (since only
>> an upgraded resolver will include the A and AAAA answers in the additional
>> section).
>> 
>> The critical path is the browsers, since none of this works unless they
>> start looking up the HTTP record.
>> 
>> As a transition mechanism, site operators would still need to publish their
>> existing A and AAAA records by whatever means they currently do (even if
>> that's e.g. a CNAME flattening on the authority server).
> 
> The transition mechanism is really important if zone publishers are going
> to use HTTP records. It needs to be automated and invisible to the web
> site admin. If you require people to provide both a target hostname and
> the corresponding addresses, you are making it too hard. You aren't
> removing the friction caused by the restrictions on CNAMEs.
> 
> At the moment the options for setting up 3rd party hosting are:
> 
>  * Just use address records. Lots of places prefer this because it
>    always works, at the cost of less flexible static server setup.
> 
>  * Use a CNAME for www and address records for the bare domain. Maybe the
>    address records refer to a server that is more limited in some way
>    than the CNAME target (no geoIP, just a redirector, ...)
> 
> HTTP RRs risk adding a third option, where the web provider has to have
> documentation asking whether the DNS provider supports HTTP RRs and if so
> the site admin needs both these addresses and this hostname. And the
> addresses can't refer to a redirector, so this thord option opens a new
> trap for the unwary.

The providers that use CNAME add HTTP to that description and say to add HTTP
at the zone apexes or anywhere else another record is published at the same name.  

> What I would like is to eliminate the wrong choices on the DNS provider
> side of things, so that the web site admin can provide a target hostname
> which will work on any name, just like they can with address records.

Providers that synthesis A and AAAA records using proprietary methods just add the
HTTP record as a complementary record.

Providers that use CNAME at the apex set the CNAME TTL to 0 and add HTTP along side
the CNAME.  This will allow them to be able to see which clients support HTTP if they
wish.  HTTP lookups needs to be made *before* A and AAAA lookups get the HTTP records
into the resolver’s cache.

> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> Fitzroy, Sole: Cyclonic 5 to 7, becoming southerly or southwesterly 7 to
> severe gale 9. Very rough or high. Rain or showers. Good, occasionally poor.
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

Re: [DNSOP] Root reasons (aka "why") - HTTP vs SRV vs ANAME vs CNAME