Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

Mark Andrews <marka@isc.org> Wed, 16 February 2011 21:29 UTC

To: Tony Finch <dot@dotat.at>
From: Mark Andrews <marka@isc.org>
References: <20110216032120.43474.qmail@joyce.lan><alpine.LSU.2.00.1102161143180.5244@hermes-1.csi.cam.ac.uk>
In-reply-to: Your message of "Wed, 16 Feb 2011 11:55:57 -0000." <alpine.LSU.2.00.1102161143180.5244@hermes-1.csi.cam.ac.uk>
Date: Thu, 17 Feb 2011 08:29:30 +1100
Message-Id: <20110216212930.57D64A3F344@drugs.dv.isc.org>
Cc: John Levine <johnl@iecc.com>, dnsext@ietf.org
Subject: Re: [dnsext] we need help to make names the same, was draft-yao-dnsext-identical-resolution-02 comment

In message <alpine.LSU.2.00.1102161143180.5244@hermes-1.csi.cam.ac.uk>, Tony Finch writes:
> On Wed, 16 Feb 2011, John Levine wrote:
> >
> > It would not be absurd to argue that the most reasonable way to solve
> > the provisioning issues is for the SMTP and HTTP servers to ask the
> > DNS what the canonical name for an otherwise unknown name is, so those
> > servers are just provisioned with the canonical name and an "allow
> > variants" flag.
> 
> It used to be the case that SMTP servers would rewrite domains in
> addresses by replacing a CNAME owner with its target. See RFC 1123 section
> 5.2.2. This requirement no longer exists but there is still code out there
> that supports it. I think it would be quite reasonable to add a feature
> for optional cname-based canonicalization to an MTA. (You can probably do
> it now using Exim's configuration language, though it'll probably be a bit
> ugly.)
> 
> There is also some HTTP server code out there that hooks into the DNS for
> server name canonicalization - see Apache's UseCanonicalName DNS option,
> which is my fault. It uses reverse DNS lookups (it was designed for
> IP-based virtual hosting) but I don't think it would be hard to do
> something similar based on CNAME records.
> 
> Note that server features like this are nice to have but not absolutely
> necessary.

HTTP abuses CNAME.  If HTTP clients were following the design
principles behind CNAME then the HTTP request would be re-written
when a CNAME was seen.  Instead they ignored the CNAME and as a
result effectively treated it like a single MX record which is wrong
and has caused problems all along.

When we actually want to use CNAMEs for what they are designed to
be used for we find HTTP has hijacked them.

There still isn't a formal RFC for SRV with HTTP.

> Tony.
> -- 
> f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
> HUMBER THAMES DOVER WIGHT PORTLAND: NORTH BACKING WEST OR NORTHWEST, 5 TO 7,
> DECREASING 4 OR 5, OCCASIONALLY 6 LATER IN HUMBER AND THAMES. MODERATE OR
> ROUGH. RAIN THEN FAIR. GOOD.
> _______________________________________________
> dnsext mailing list
> dnsext@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsext
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
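
Added example, not part of the original message or of any MTA or HTTP server code: a sketch of the two behaviours discussed in this thread, a client that either sends the name as typed or rewrites it to the CNAME target, and a server provisioned with only the canonical name plus an "allow variants" flag. The zone data, names and function names are constructed for illustration, and names are compared in absolute form (trailing dot).

```python
# Constructed zone data: owner name -> (record type, rdata). Not real DNS.
ZONE = {
    "www.example.org.": ("CNAME", "web.example.net."),
    "shop.example.org.": ("CNAME", "www.example.org."),
    "web.example.net.": ("A", "192.0.2.10"),
    "loop-a.example.org.": ("CNAME", "loop-b.example.org."),
    "loop-b.example.org.": ("CNAME", "loop-a.example.org."),
}
MAX_CHAIN = 8  # assumed bound on CNAME chain length


def normalize(name):
    """Lower-case the name and make it absolute (trailing dot)."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def canonical_name(name, zone=ZONE):
    """Follow CNAMEs from name; return the final owner, or None on loop or miss."""
    name = normalize(name)
    seen = set()
    while len(seen) <= MAX_CHAIN:
        if name in seen or name not in zone:
            return None
        seen.add(name)
        rtype, rdata = zone[name]
        if rtype != "CNAME":
            return name
        name = normalize(rdata)
    return None


def host_header(url_host, rewrite):
    """Name a client sends: as typed, or the CNAME target when rewriting."""
    if not rewrite:
        return normalize(url_host)
    return canonical_name(url_host) or normalize(url_host)


def server_accepts(host, provisioned, allow_variants):
    """Accept an exact match, or a variant whose canonical name is provisioned."""
    host = normalize(host)
    if host in provisioned:
        return True
    return allow_variants and canonical_name(host) in provisioned
```

With allow_variants enabled, the accept decision depends on DNS answers, so the lookup path becomes part of the server's trust boundary.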