Re: [dnsext] Fwd: New Version Notification for draft-sury-dnsext-cname-dname-00
Ondřej Surý <ondrej.sury@nic.cz> Fri, 23 April 2010 10:22 UTC
On 23.4.2010 10:58, YAO Jiankang wrote:
>
>> So it looks like those two common existing implementations are already
>> ready for CNAME+DNAME.
>>
>> And that's exactly my point - with very simple change in CNAME semantics
>> we can get full alias in the DNS tree, which is already supported by
>> majority of DNS servers in the wild (at least those supporting DNAME).
>>
>
> the CNAME is the basic record. many protocols base on it.

That's not true. No protocol I know except DNS relies on CNAME. All other protocols ask for A, AAAA (usually via getaddrinfo via your resolver), MX, SRV, etc. I am not aware of any protocol directly asking for CNAME records.

> if you want to break CNAME, you are trying to shake the basis of DNS.

I am not breaking CNAME. If you think I am breaking CNAME please prove it or stop saying that. I am enhancing CNAME semantics to allow coexistence with DNAME. CNAME and DNAME don't share same alias space. Also there is no change by default - it could only affect other party in case you also add DNAME.

> if you build a rule, 1000 users have followed it and you may update or modify the rule.
>
> if you build a rule, 1000,000,000 users have followed it and you should be CAUTION when you wish to update or modify the rule.
>
> if a new Record is submitted, someone may choose to follow or not.
> but if you change the basic rule, you must push each of 1000,000,000 users to follow it.

Sorry, but no, that's not true either. This could possibly break some authoritative and/or recursive DNS server. But in a way which is exactly same as adding new RRTYPE - since nobody is forced to add CNAME+DNAME to its zone. And I have already proven that it doesn't break Bind 9 or Unbound functioning as resolvers, and that's mainly because there are already much worse scenarios in DNS tree - as I have also shown with idos.cz case. And I am willing to retest more resolvers (including older versions of Bind9), I just don't have a time for it right now.

It will have no impact on common end user - because in normal circumstances CNAME is not used directly - it's handled by resolvers. Also loosening CNAME rules will not break anything for 1.000.000.000 users already using CNAMEs. It will only affect:

1) users adding CNAME+DNAME to their zones
2) users using such zones

But that's not different from BNAME.

I know I am touching the very basics of DNS and I also consider RFC1034 and RFC1034 to be sacred :-), but please let's work with facts, test cases, test scenarios etc. If you feel that CNAME+DNAME proposal breaks anything, please provide a test case. I would be first to say we should drop CNAME+DNAME if there is a serious breakage somewhere, but we should not reject the proposal based on Fear, Uncertainty, Doubt (tm).

Also anybody is free to use experimental dname.cz zone, I am willing to add any combination of records to the zone, so you can test whatever protocol and test case you want. I could add simplified/mandarIDN f.e. if you want.

BTW let me show you something, try pasting these into your browser:

www.cnnic.测试.dname.cz
www.cnnic.測試.dname.cz

in punycode:

www.cnnic.xn--0zwm56d.dname.cz
www.cnnic.xn--g6w251d.dname.cz

And check your mail log for rejected mail sent to:

yaojk@cnnic.xn--0zwm56d.dname.cz and yaojk@cnnic.xn--g6w251d.dname.cz

I put those two email addresses to Bcc:, so we don't keep them in next conversation.

Ondrej

> Jiankang Yao
>
>
>
>> I am sure that this will break something somewhere, but those places
>> would be broken with BNAME as well. But BNAME has to be implemented
>> everywhere - authoritative DNS, resolvers, firewalls, etc.
>>
>> Don't get me wrong, I think that BNAME is fine proposal, but I think
>> that we have much simpler option right before us. Also it is not something
>> new, we did change semantics of CNAME before, because of DNSSEC, so I am
>> not proposing revolution, just merging of two existing working principles.

Ondrej
--
Ondřej Surý
vedoucí výzkumu/R&D manager
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury@nic.cz http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
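
The two alias spaces discussed in the message above (CNAME covering the owner name itself, DNAME covering only the names beneath it), as an added Python sketch that is not part of the original message and not code from any resolver named in it. The zone contents, the `example` names, the `MAX_CHAIN` limit and all function names are constructed for illustration; the two IDN labels are the ones quoted in the message.

```python
# Added illustration: toy alias rewriting with CNAME and DNAME at the same owner.
# Zone data is constructed; it is not the real dname.cz zone.
MAX_CHAIN = 8  # assumed cap on alias rewrites, so a DNAME/CNAME loop cannot spin forever

# owner name -> {rrtype: data}; names are lower-case A-labels without trailing dot
ZONE = {
    "alias.example": {"CNAME": "real.example", "DNAME": "real.example"},
    "loop.example": {"DNAME": "loop2.example"},
    "loop2.example": {"DNAME": "loop.example"},
    "real.example": {"A": "192.0.2.1"},
    "www.real.example": {"A": "192.0.2.2"},
}

def to_alabels(name):
    """Convert every label to its ASCII (punycode) form, the form used in queries."""
    return ".".join(l.encode("idna").decode("ascii") for l in name.lower().split("."))

def rewrite(qname):
    """Return (rrtype, new_name) for one alias step, or None if no alias applies."""
    rrs = ZONE.get(qname, {})
    if "CNAME" in rrs:                       # CNAME aliases the owner name itself
        return "CNAME", rrs["CNAME"]
    labels = qname.split(".")
    for i in range(1, len(labels)):          # DNAME aliases strict descendants only
        owner = ".".join(labels[i:])         # closest ancestor is tried first
        target = ZONE.get(owner, {}).get("DNAME")
        if target:
            return "DNAME", ".".join(labels[:i] + [target])
    return None

def resolve(qname, qtype="A"):
    """Follow aliases from qname; returns (chain_of_rewrites, answer_or_None)."""
    name, chain = to_alabels(qname), []
    while True:
        answer = ZONE.get(name, {}).get(qtype)
        if answer is not None:
            return chain, answer
        step = rewrite(name)
        if step is None:
            return chain, None
        chain.append(step)
        name = step[1]
        if len(chain) > MAX_CHAIN:
            raise RuntimeError("alias chain too long (possible loop)")
```
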