Re: [Http-srv] Alternative to SRV?
Ray Bellis <ray@bellis.me.uk> Wed, 29 August 2018 20:30 UTC
Return-Path: <ray@bellis.me.uk>
X-Original-To: http-srv@ietfa.amsl.com
Delivered-To: http-srv@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A3B0130F03 for <http-srv@ietfa.amsl.com>; Wed, 29 Aug 2018 13:30:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oT6ZWHsTe4EL for <http-srv@ietfa.amsl.com>; Wed, 29 Aug 2018 13:30:51 -0700 (PDT)
Received: from hydrogen.portfast.net (hydrogen.portfast.net [188.246.200.2]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30EAC130ED6 for <http-srv@ietf.org>; Wed, 29 Aug 2018 13:30:50 -0700 (PDT)
Received: from [217.155.195.179] (port=56141 helo=Barbaras-MacBook-Pro.local) by hydrogen.portfast.net ([188.246.200.2]:465) with esmtpsa (fixed_plain:ray@bellis.me.uk) (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) id 1fv770-00075Z-Bk (Exim 4.72) for http-srv@ietf.org (return-path <ray@bellis.me.uk>); Wed, 29 Aug 2018 21:30:46 +0100
To: http-srv@ietf.org
References: <6aceab29-cf81-8644-20cd-e02281e6394c@bellis.me.uk> <DDFF92A9-9F1D-4883-AF5C-1372EBDAB156@isc.org> <CAKC-DJj3uGYwgd5v+VUEWCDS08NMcFne+1iZ2EC3FVr2qKmcwg@mail.gmail.com> <CAHPuVdWFbB_u7ppkGsF6A-8qXDqdmAyP0v5E_OAO2vzUsD9Ayg@mail.gmail.com> <9093d0e6-3546-c742-91a1-2cac4e26984e@bellis.me.uk> <CAHPuVdVuMV0CBaZCik_utFFV_jek4XagDaw-BmUV0Lof5bJvNQ@mail.gmail.com> <CAKC-DJg0-hoL0zCVqNk-L1CcQcH_oaKVJHV9Sco0AqzZaGunWA@mail.gmail.com>
From: Ray Bellis <ray@bellis.me.uk>
Message-ID: <c7f299ed-8df8-5302-8ecc-bd53a3206dc0@bellis.me.uk>
Date: Wed, 29 Aug 2018 21:30:47 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAKC-DJg0-hoL0zCVqNk-L1CcQcH_oaKVJHV9Sco0AqzZaGunWA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-srv/Q83iYw7xQnpZy5b67WO4FtdiRSs>
Subject: Re: [Http-srv] Alternative to SRV?
X-BeenThere: http-srv@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Using DNS SRV Records with HTTP <http-srv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-srv>, <mailto:http-srv-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/http-srv/>
List-Post: <mailto:http-srv@ietf.org>
List-Help: <mailto:http-srv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-srv>, <mailto:http-srv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Aug 2018 20:30:58 -0000
On 29/08/2018 19:10, Erik Nygren wrote: > They unfortunately may be needed as otherwise we'd be back in the same > boat around CNAMEs at the zone apex. At least for the CDN use-case, > once a non-trivial amount of information shows up in the rrtype, it > likely needs to be managed by the CDN. Having "_443._https.example.com > <http://https.example.com>" means it can be a CNAME'd whereas if was a > record on "example.com <http://example.com>" we'd be back in the same boat. > > The underscore labels also provide the ability to have multiple services > on the same hostname. So does having multiple RR types. > I haven't fully thought it through, but perhaps there is a better way to > support underscore labels and wildcards in a way that only authorities > need to worry about? For example, allowing for "_443._https.*" records > in an "example.com <http://example.com>" zone in a way that authorities > could know how to handle? IMHO that's exceedingly unlikely. The wildcard label has special meaning and recursive servers also need to know about it for DNSSEC. I'd like to hear from actual web content providers as to whether lack of support for wildcards would be an issue. Having worked in that business (albeit many years ago) I suspect it would be. There are many web services that offer content under <username>.<domain> where the username portion is synthesized from a DNS wildcard record rather than provisioning separate DNS records for every single registered username. Ray
- [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Martin Thomson
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Martin Thomson
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Daniel Stenberg
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Mark Andrews
- Re: [Http-srv] Alternative to SRV? Tony Finch
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Erik Nygren
- Re: [Http-srv] Alternative to SRV? Shumon Huque
- Re: [Http-srv] Alternative to SRV? Ray Bellis
- Re: [Http-srv] Alternative to SRV? Shumon Huque
- Re: [Http-srv] Alternative to SRV? Erik Nygren
- Re: [Http-srv] Alternative to SRV? Patrik Fältström
- Re: [Http-srv] Alternative to SRV? Ray Bellis