Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-07 Thread Bryan Hughes
In many cases, DNS Made Easy is seeing ANAME records requiring synthesized A record updates every 90 seconds or so. Also, it is surprising to me that our non-apex ANAME record count has surpassed apex ANAME record count by a significant amount. We have approximately 25% fewer apex ANAME records tha

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-06 Thread Petr Špaček
On 4.4.2017 19:30, Matthew Pounsett wrote: > On 4 April 2017 at 13:21, Tony Finch > wrote: > > > I believe that's a faulty assumption. Here's some data: > > > > [...] During the month of February, [...] an average of 31 changes > per zone. [...] > > Th

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-04 Thread Matthew Pounsett
On 4 April 2017 at 13:21, Tony Finch wrote: > > I believe that's a faulty assumption. Here's some data: > > > > [...] During the month of February, [...] an average of 31 changes per > zone. [...] > > That seems to agree with what I meant, though I probably should have said > "per-zone" somewhe

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-04 Thread Tony Finch
Matthew Pounsett wrote: > On 3 April 2017 at 07:55, Tony Finch wrote: > > > > If you expand ALIAS on the master server like this, I would expect that > > most of the time the target addresses won't change very frequently, so the > > IXFR rate should be much less than the ALIAS polling frequency.

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-04 Thread Matthew Pounsett
On 3 April 2017 at 07:55, Tony Finch wrote: > > If you expand ALIAS on the master server like this, I would expect that > most of the time the target addresses won't change very frequently, so the > IXFR rate should be much less than the ALIAS polling frequency. > I believe that's a faulty assum

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Paul Wouters
On Mon, 3 Apr 2017, Evan Hunt wrote: I said what now? Had I recently had dental surgery? I don't remember this. Sorry about misremembering what you said. (I do believe an authoritative server should be *able* to operate without built-in recursive code But I definitely wouldn't phrase th

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Evan Hunt
On Mon, Apr 03, 2017 at 03:48:49PM -0400, Paul Wouters wrote: > As Evan said, there should not be any code in an authoritative server > that requires it to do recursive validation. I said what now? Had I recently had dental surgery? I don't remember this. If you mean the comment I made on the A

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Peter van Dijk
Hi Dan, On 3 Apr 2017, at 21:40, Dan York wrote: I very much like the idea of this draft, given that I use multiple DNS hosting providers who all have their own unique (and proprietary) way of doing "CNAME flattening at the apex". I think the reality of today's user experience with domain nam

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Paul Wouters
On Mon, 3 Apr 2017, Dan York wrote: I very much like the idea of this draft, given that I use multiple DNS hosting providers who all have their own unique (and proprietary) way of doing "CNAME flattening at the apex". I think the reality of today's user experience with domain names is that we

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Dan York
I very much like the idea of this draft, given that I use multiple DNS hosting providers who all have their own unique (and proprietary) way of doing "CNAME flattening at the apex". I think the reality of today's user experience with domain names is that we are increasingly dropping the "www" or

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread John Levine
In article you write: >So I think my conclusion is that ALIAS is both unnecessary and unhelpful >for RRtypes other than A and . Depends. If you allow what I described, shadowing records from a server that thinks it's authoritative from the zone but isn't, it's definitely useful for MX, possi

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Tony Finch
Peter van Dijk wrote: > On 31 Mar 2017, at 12:10, Tony Finch wrote: > > > > Does the more ambitious version use the NSEC rdata format so that you can > > have different target names for different alias RR types? > > I got this question some time ago when I was working on ALIAS for PowerDNS. > Back

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-04-03 Thread Tony Finch
Peter van Dijk wrote: > > There are PowerDNS ALIAS deployments that sign offline (for some > stretch of the definition of offline) - every minute. For small zones > the NOTIFY+XFR overhead is very tolerable, and the public auths do not > need the private key data. If you expand ALIAS on the mast

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread John R Levine
This gets you a single lookup with no followup queries required once the recursive server supports this. If the client is still talking to a legacy server it would still need to do followup queries for missing records. I like this but there's an obvious question: if the recursive server has to

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Peter van Dijk
On 31 Mar 2017, at 17:54, Tim Wicinski wrote: On 3/31/17 10:33 AM, John Levine wrote: Now we're back to the same issue I raised with BULK. Everyone now has to carefully check what features are supported by all of their secondary servers, as opposed to now where I don't even know or care wh

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Mark Andrews
The long term way to fix this is for DNS servers to *always* fill in the additional section for select RR types (e.g. SRV) including chasing down missing additional records and setting TC=1 if those additional records will not fit for recursive queries. TC=1 is already required when glue records

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Tim Wicinski
On 3/31/17 10:33 AM, John Levine wrote: Now we're back to the same issue I raised with BULK. Everyone now has to carefully check what features are supported by all of their secondary servers, as opposed to now where I don't even know or care what software they use. Some of us hoped we got o

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread John Levine
In article <9232f4f4-772f-48aa-80fb-c990662af...@powerdns.com> you write: >On 31 Mar 2017, at 1:08, John Levine wrote: > >>> If you sign offline, what happens when the A records change? >> >> You Lose(tm). For that matter, you lose even when the A records don't >> change since the signer only sees

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Peter van Dijk
Hello Tony, On 31 Mar 2017, at 12:10, Tony Finch wrote: Evan Hunt wrote: (Incidentally, I'm working on a somewhat more ambitious ANAME draft with Peter van Dijk and Anthony Eden, who has kindly agreed to merge his efforts with ours. I expect to post it in a few days, stay tuned.) Does th

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Peter van Dijk
On 31 Mar 2017, at 1:08, John Levine wrote: If you sign offline, what happens when the A records change? You Lose(tm). For that matter, you lose even when the A records don't change since the signer only sees the ANAME, not the A or . There are PowerDNS ALIAS deployments that sign offl

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-31 Thread Tony Finch
Evan Hunt wrote: > (Incidentally, I'm working on a somewhat more ambitious ANAME draft with > Peter van Dijk and Anthony Eden, who has kindly agreed to merge his efforts > with ours. I expect to post it in a few days, stay tuned.) Does the more ambitious version use the NSEC rdata format so that

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread tjw ietf
Thank You to Evan and Peter for working with Anthony on a merged draft. On Thu, Mar 30, 2017 at 6:13 PM, Evan Hunt wrote: > On Thu, Mar 30, 2017 at 11:08:06PM -, John Levine wrote: > > though ANAME is vastly less complex. It requires that an > > authoritative server include a recursive cl

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread Evan Hunt
On Thu, Mar 30, 2017 at 11:08:06PM -, John Levine wrote: > though ANAME is vastly less complex. It requires that an > authoritative server include a recursive client and do online signing, > both of which would be rather large additions to the mandatory set of > server features. It can outsou

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread John Levine
>If you sign offline, what happens when the A records change? You Lose(tm). For that matter, you lose even when the A records don't change since the signer only sees the ANAME, not the A or . I did an ANAME-like feature in my DNS system, entirely on the provisioning side. It does offline si

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread Richard Gibson
I don't think you can drop section 3.4 completely, but it should be updated to acknowledge Refuse-Any . Only behavior 2 (HINFO synthesization) allows total ignorance of special ALIAS behavior; every other (including conventional)

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread Ólafur Guðmundsson
Anthony, Good writeup Section 3.4 is in conflict with Refuse-Any draft (in WGLC) IMHO there is no need to say that there is special processing for ANY query; so drop section 3.4 Olafur On Wed, Mar 29, 2017 at 9:51 AM, Anthony Eden wrote: > After attending the dnsop meeting on Monday I decid

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-30 Thread Bob Harold
On Wed, Mar 29, 2017 at 9:51 AM, Anthony Eden wrote: > After attending the dnsop meeting on Monday I decided it was time I > submitted my first ID for review: > > https://datatracker.ietf.org/doc/draft-dnsop-eden-alias-rr-type/ > > This draft describes the ALIAS/ANAME record (aka CNAME-flattening

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-29 Thread Anthony Eden
On Wed, Mar 29, 2017 at 11:14 AM, Pieter Lexis wrote: > Hello Anthony, > > On Wed, 29 Mar 2017 08:51:50 -0500 > Anthony Eden wrote: > >> https://datatracker.ietf.org/doc/draft-dnsop-eden-alias-rr-type/ >> >> This draft describes the ALIAS/ANAME record (aka CNAME-flattening) >> that numerous vendo

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-29 Thread Tony Finch
Pieter Lexis wrote: > > There is no mention of the fact that ALIAS is mostly meant for zone > apexes where other records MUST be present and a CNAME cannot exist. > CNAMEs would cover non-apex usecases for ALIAS. There are lots of non-apex situations where you can't use a CNAME, e.g. where mail d

Re: [DNSOP] New draft for ALIAS/ANAME type

2017-03-29 Thread Pieter Lexis
Hello Anthony, On Wed, 29 Mar 2017 08:51:50 -0500 Anthony Eden wrote: > https://datatracker.ietf.org/doc/draft-dnsop-eden-alias-rr-type/ > > This draft describes the ALIAS/ANAME record (aka CNAME-flattening) > that numerous vendors and DNS providers are now supporting in > proprietary fashions.

[DNSOP] New draft for ALIAS/ANAME type

2017-03-29 Thread Anthony Eden
After attending the dnsop meeting on Monday I decided it was time I submitted my first ID for review: https://datatracker.ietf.org/doc/draft-dnsop-eden-alias-rr-type/ This draft describes the ALIAS/ANAME record (aka CNAME-flattening) that numerous vendors and DNS providers are now supporting in p