I'm a fan of Michael's suggestion of using EDNS to signal that the authoritative should return ALIAS vs synthesizing. Any reason this won't work?
-Anthony

On Tue, Jun 11, 2019 at 8:05 PM Evan Hunt <e...@isc.org> wrote:

> On Tue, Jun 11, 2019 at 10:31:55AM +0200, Matthijs Mekking wrote:
> > The main argument for putting it in the answer section is that putting
> > it in the additional section implies a lower trust level, and that the
> > record is optional and can be removed when minimizing responses.
>
> I'm inclined to favor this argument (probably unsurprisingly, since I'm the
> one who argued it).
>
> IMHO, the ANAME is the real answer we're sending; the A and AAAA records
> are just friendly hand-holding for legacy servers. It doesn't make sense
> to me to demote the real answer into the additional section, any more than
> it would have to move DNAME there. The protocol specifications are clear on
> this point - the more so considering we've already deployed DNAME - and my
> sympathies for an implementation that got it wrong would be limited.
>
> That said, if any resolver implementations are known to choke if they see
> an unexpected extra RRset in the answer section, it would be good to find
> out about it. I guess we should do some testing.
>
> Hm, stub resolvers might be stupider than full resolvers. Perhaps it
> would be useful to differentiate RD=0 and RD=1?
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>

--
DNSimple.com
http://dnsimple.com/
Twitter: @dnsimple