IETF Logo Mail Archive

Re: [DNSOP] status of the aname and svcb/httpsvc drafts

Bob Harold <rharolde@umich.edu> Mon, 24 February 2020 14:51 UTC

Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26C533A0CA2 for <dnsop@ietfa.amsl.com>; Mon, 24 Feb 2020 06:51:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dcBj8hc8igt5 for <dnsop@ietfa.amsl.com>; Mon, 24 Feb 2020 06:51:05 -0800 (PST)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED2853A0CA1 for <dnsop@ietf.org>; Mon, 24 Feb 2020 06:51:04 -0800 (PST)
Received: by mail-lj1-x233.google.com with SMTP id x14so10362200ljd.13 for <dnsop@ietf.org>; Mon, 24 Feb 2020 06:51:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=PSkOOUmI1elEcU7dA/eDJeTQ2HLU8sMZbr7LZvD4DXk=; b=A078qkSbK53j/xr/cgWYVpZVKn94WLTrud2IQzb8x3PTnoKV9LcApdwc13TuhJnoOR o11So8GY2Nc4ggnnq1Fee3eIRroXCctulrKz4PJDk76hI9EojH3seaezWbGIXFeUqToQ 3SNu3NTF0tuAUoug2/FYYkxuDYoQD3VNIPDpyGVd3tfm6UQTcTFsVW78iWK1BWIJpjer VWPZel/Exa2cpE4pUKm7kWCMR3NATk6BQEOytQOIifv6fIe99EI0ZENBHGQsaXF8WLwt qLzz2QuKol5Usg0ix9LpNRknkkk//yzi+9cxrmzH3Wf84U3OZRrCQbaL9S6vy28sNtsW RxtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=PSkOOUmI1elEcU7dA/eDJeTQ2HLU8sMZbr7LZvD4DXk=; b=C/ZlTGPGxLPVgL2MYVVPW5FofdE7qfu8Hr3nGV9A8EgFDxHwicrpQM5ZkUBEnYgzKi coOwhxPEKuWgmculkDeQtX25ZwusA8Ee1ow6/K2Ah0gAuuhuGZUGtim4U2+rP1bqzAaA 3B9DLd30u+wvYbDy1c3NblYK7VxFwYbPN++jYJTtGnTo+HBEVU6EYbCMXlri6HTkqF2Q WA65xCVMNP5Db72n6xsmbFTc3AGzvcyWFlAPvhgTbbBhfcl9itjDIA6xYhkHY/b9jYUM s5x3Npfkc2wkHe7LcfO0RskJTgs8nCXIsMrqW1kyyy1GswYPF50uzPH0WOpGYc5axePg aUpg==
X-Gm-Message-State: APjAAAUuy/OWJXGXFua4ExV0sJfIfwVW4PFG1oRwl548PKeM+QcSs9uu H/woY1MxLjEtSh5A/qZ6nazhD/3HEwCIVtWqQ6R+sMAMNxA=
X-Google-Smtp-Source: APXvYqxh43ipVk5g+zlmFeqrTugEXZu9Ad0xGvqtmB89yReNm0/9tG4L3gzeIYL4UiR7ZR7wh4zdaSLmAczPlXOXY9o=
X-Received: by 2002:a2e:8797:: with SMTP id n23mr28687032lji.176.1582555862755; Mon, 24 Feb 2020 06:51:02 -0800 (PST)
MIME-Version: 1.0
References: <b34f1b0d-fa65-23d4-1b2b-761b965a2aae@knipp.de> <CAG8jCEzO7zrfL5G5CzdJ=c5wipJgqqHfyeA-a3-QjquoyPYgvg@mail.gmail.com> <3ead518d-f166-1c36-c3e9-18aeb355d160@pletterpet.nl> <20200220221517.GA16177@isc.org> <alpine.DEB.2.20.2002222349530.27562@grey.csi.cam.ac.uk> <CAH1iCiq+rOxs9c8zoJhAWbB6-0SP_WC5onF-DrbekwX=8iR49Q@mail.gmail.com>
In-Reply-To: <CAH1iCiq+rOxs9c8zoJhAWbB6-0SP_WC5onF-DrbekwX=8iR49Q@mail.gmail.com>
From: Bob Harold <rharolde@umich.edu>
Date: Mon, 24 Feb 2020 09:50:51 -0500
Message-ID: <CA+nkc8Coe8D1ECfrRwRUnzJ3azyJfXXUq3HMy63AL-4SOvmaaw@mail.gmail.com>
To: "dnsop@ietf.org WG" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000097e83059f538025"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yIcdBTQLPXAA0P5IEWUSZnsqCuY>
Subject: Re: [DNSOP] status of the aname and svcb/httpsvc drafts
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2020 14:51:09 -0000

Just my opinion, but I would like to focus on HTTPSSVC first, for a quick
win.  Then work on ANAME - it might not be used much anytime soon, but if
it reaches 99% of the DNS servers in 10 or 20 years, it could solve the
problem at the apex for future generations.

-- 
Bob Harold


On Sat, Feb 22, 2020 at 8:12 PM Brian Dickson <brian.peter.dickson@gmail.com>
wrote:

>
>
> On Sat, Feb 22, 2020 at 4:01 PM Tony Finch <dot@dotat.at> wrote:
>
>> Evan Hunt <each@isc.org> wrote:
>> >
>> > CNAME at the apex wasn't really the problem. Getting browsers to display
>> > content from the right CDN server was the problem.
>>
>> My interest in ANAME is basically nothing to do with CDNs. I want my users
>> to be able to configure aliases by name or address without having to deal
>> with incomprehensible restrictions. ("It's always a DNS problem") Ideally
>> they should be able to configure aliases by name so that those responsible
>> for the server can move it around without having to reconfigure ridiculous
>> numbers of aliases.
>>
>
> I'm not sure if this is a philosophical thing, or a pragmatic thing.
>
> But the root problem with apex aliasing (CNAME/DNAME/ANAME/etc), is the
> huge deployed base.
> Also, that the original design of DNS didn't have this built in.
> And also, that the whole semantic of CNAME usage is hidden from the
> clients (things querying DNS), rather than exposed to the applications.
> (E.g. should it not be the case that whatever is making the query, itself
> be aware of the aliasing?)
>
> Ultimately, I think this boils down to this observation:
> DNS zone files are not really a good place to implement any user-exposed
> schemes for aliasing, or for maintaining server/name mapping.
>
> Those two things are UI and provisioning, respectively, and both are
> probably handled with systems above or outside of DNS, rather than DNS
> itself.
>
> UI for the former (that deals with the DNS oddities), and automation or
> APIs that deal with the latter.
> Whenever there is a need for a bunch of names, plus the apex itself, to be
> treated as synonymous, why does it matter which of those is the "target"?
> That's really a bike-shed issue, IMHO.
> The only time it is a problem, is if the target is external to the zone,
> in which case the single instance at the apex is the problem (i.e. the main
> issue of the ANAME or HTTPSSVC alias-form).
>
> Moving a server (renumbering, etc), always requires synchronization
> between a bunch of systems, only one of which is DNS itself.
> E.g. certificate management, networking, etc.
> Keeping those in sync requires some tooling.
> Thus, adding the DNS component into the tooling doesn't seem to be
> cumbersome.
> It is perhaps a place where more infrastructure development to handle
> scaling is required.
>
> I.e., it'd be nice if DNS could deal with these things better, but it
> can't, and it isn't the only possible solution, so, pretty much any other
> solution can be made to work.
> The choice of which alternative is really an implementation question,
> which doesn't require standardization.
> It's analogous to meta-data stuff, which also relates to provisioning of
> DNS itself.
> It's another place where in a parallel universe, it might have been good
> to have been included in the design of DNS.
>
> Brian
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

v2.23.0 | Report a Bug | By Email