On Fri, Jun 22, 2018 at 03:18:43PM -0400, John R Levine wrote:
> > Minor clarification here: ANAME doesn't require the authoritative server
> > itself to do recursion; it requires it to have access to a recursive
> > server.
>
> I suppose, but that seems to me a distinction without a difference.
> Either way we end up importing all of the failure modes of a recursive
> server into an authoritative one.

I wasn't disagreeing about it being regrettable, I just wanted to nip in the bud any repeat of the argument that the auth server would itself have to be upgraded into a recursive server.

The goal of ANAME is for the processing to be done on the resolver side. Addresses that are included in the authoritative response alongside ANAME should be ignored by the resolver and re-queried. But, for the benefit of legacy resolvers that don't know what to do with an ANAME, the auth would need to provide some sort of usable answer, which means it has to be able to look up addresses for the target name (whether it does that internally or via resolv.conf). It would be nice if that could be avoided, but there's no straightforward way.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop