On Sat, 23 Jun 2018, Evan Hunt wrote:
Either way we end up importing all of the failure modes of a recursive
server into an authoritative one.
I wasn't disagreeing about it being regrettable, I just wanted to nip in
the bud any repeat of the argument that the auth server would itself have
to be upgraded into a recursive server.
Like I said, it's a distinction without a difference. I don't care
whether the authoritative and recursive servers are in one process or talk
to each other through some sort of IPC. Either way the authoritative
server has to deal with all of the ways that recursive queries can fail.
I have an ANAME-like kludge in the provisioning crudware for my
authoritative server which ignores most of the failures, but that's not
going to work past toy scale.
The goal of ANAME is for the processing to be done on the resolver side.
Addresses that are included in the authoritative response alongside
ANAME should be ignored by the resolver and re-queried. But, for the
benefit of legacy resolvers that don't know what to do with an ANAME, the
auth would need to provide some sort of usable answer, which means it has
to be able to look up addresses for the target name (whether it does that
internally or via resolv.conf). It would be nice if that could be avoided,
but there's no straightforward way.
Well, yes, that's why ANAME is a mess, and I'd rather see if we can figure
how to make CNAME coexist so the recursion is all done in the recursive
code.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly