At Mon, 03 Jul 2017 11:23:01 +0200,
"Peter van Dijk" wrote:
> > In that sense I see some disparity with the
> > ALIAS record of Amazon Route53, one of the earliest (and probably
> > largest) players of the idea:
> > - Supporting other types of records than and A
> > - Allowing different targ
Hello Jinmei,
apologies for the delay. Due to the length of your email I flagged it
for later reading and then I got distracted by other things.
On 13 Apr 2017, at 22:27, 神明達哉 wrote:
Overall I agree this is worth trying to achieve. There is a clear
need for the ability of defining an alias
神明達哉 wrote:
>
> As long as those records are generated from the target name that would
> probably be okay. But the current draft doesn't seem to enforce it,
> and, (probably unintentionally/implicitly) allows the following setup:
>
> .example.com. ANAME .example.net.
> .example.com. A
On Thu, 20 Apr 2017, Evan Hunt wrote:
Once again, the recursive resolver needn't be built in. It only has to be
accessible -- via resolv.conf, for example.
Mmmm, populating auth servers based on at most an AD bit of something
from resolv.conf. Which more and more people are just pointing to
8.
On Thu, Apr 20, 2017 at 04:54:55PM -0400, Paul Wouters wrote:
> If that is your use case, I also see no point in ANAME being used by
> resolvers, and you should just create the new XFR type for this, so that
> AUTH servers can update their A/ records without needing any
> recursive DNS protocol
On Thu, 20 Apr 2017, Evan Hunt wrote:
But, because there are always going to be legacy servers, the client would
then need to send an ANAME query, and when it got no answer, send another
query for A and .
If clients were willing to do that, then they'd have been willing to use
SRV, and we'd
At Tue, 18 Apr 2017 13:54:54 +0100,
Tony Finch wrote:
> > I also wonder whether it's okay to allow ' or A' and ANAME to
> > coexist for the same owner name. Shouldn't it be prohibited similar
> > to that CNAME and other types can't coexist?
>
> From the point of view of a provisioning-side i
On 04/20/2017 08:36 AM, Evan Hunt wrote:
On Wed, Apr 19, 2017 at 10:47:24PM -0400, Paul Wouters wrote:
ANAME could just be a regular RRTYPE without any special handling,
meaning "go look there for up to date information on A/". It could
come along A/ records using one of the existing bit
On Wed, Apr 19, 2017 at 10:47:24PM -0400, Paul Wouters wrote:
> ANAME could just be a regular RRTYPE without any special handling,
> meaning "go look there for up to date information on A/". It could
> come along A/ records using one of the existing bitmaps multi-type
> query proposals that
On Wed, 19 Apr 2017, Peter van Dijk wrote:
Type bitmaps would preclude simple implementations that use getaddrinfo
to do their business. As much as I think the idea may have merit, I feel
this draft should stay close to the long list of existing ALIAS/ANAME
implementations if it wants any chan
On 14 Apr 2017, at 22:03, John Levine wrote:
In article <05429b5d-904b-4913-9843-654c917de...@powerdns.com> you
write:
Wouldn't it be safer to put the ANAME in the additional section?
My thinking was that given that DNAME got away with being in ANSWER, so
could we.
Seems to me that it bel
神明達哉 wrote:
>
> I also wonder whether it's okay to allow ' or A' and ANAME to
> coexist for the same owner name. Shouldn't it be prohibited similar
> to that CNAME and other types can't coexist?
From the point of view of a provisioning-side implementation of ANAME, the
A and records are
In article
you write:
>
>Hi Peter,
>
>one question, will authoritative server return multiple ANAME RRs for the
>same domain at one dns query ?
We can probably assume that multiple ANAMEs are treated the same as multiple
CNAMEs or multiple DNAMEs.
Don't Do That.
R's,
John
In article <05429b5d-904b-4913-9843-654c917de...@powerdns.com> you write:
>> Wouldn't it be safer to put the ANAME in the additional section?
>
>My thinking was that given that DNAME got away with being in ANSWER, so
>could we.
Seems to me that it belongs in the answer section, since for aname-aw
At Fri, 7 Apr 2017 18:11:39 +,
Evan Hunt wrote:
> Here's the new ANAME draft I mentioned last week.
>
> This is similar to existing non-standard approaches (ALIAS records,
> CNAME-flattening, etc) but also sends the ANAME record to the resolver so
> that, if the resolver understands the ANAME
Hello,
On 13 Apr 2017, at 11:53, Lanlan Pan wrote:
Hi Peter,
one question, will authoritative server return multiple ANAME RRs for the
same domain at one dns query ?
for example,
www.example.com ANAME us.www.example.com
www.example.com ANAME cn.www.example.com
or return only one selec
Hi Peter,
one question, will authoritative server return multiple ANAME RRs for the
same domain at one dns query ?
for example,
www.example.com ANAME us.www.example.com
www.example.com ANAME cn.www.example.com
or return only one selected ANAME RR for one domain ? (based on
authoritative's
On 11 Apr 2017, at 17:54, Tony Finch wrote:
When an ANAME record is present at a DNS node and a query is received
by an authoritative server for type A or , the authoritative
server returns the ANAME RR in the answer section.
Wouldn't it be safer to put the ANAME in the additional
On 11 Apr 2017, at 20:16, Paul Wouters wrote:
On Tue, 11 Apr 2017, Tony Finch wrote:
ANAME records are not just for zone apexes. There are lots of other cases
where address records need a different alias target from MX records, or
NAPTR records, etc.
Can you give me an example of deployin
On 11 Apr 2017, at 21:11, Paul Wouters wrote:
I still feel using ANAME without preprocessing by auth nameservers and
fixing returning multiple record type to a single query is the more
generic and fix for this problem.
As Evan said, we would love to go back in time and add ANAME support to
al
On 12 Apr 2017, at 10:21, Florian Weimer wrote:
SRV wouldn't work anyway because it is incompatible with existing name
resolution interfaces anyway.
Which browsers tend to avoid as far as I know, but it’s besides the
point - browsers are not doing SRV and we have to accept that.
If you do n
Paul Wouters wrote:
>
> Hmm okay. Although you could just make a real zone cut there and then it
> becomes the APEX case again :P
Well, this is the kind of "just" that involves a huge co-ordination cost
updating the configuration of on-site and off-site secondary servers, and
may have billing imp
On 04/11/2017 10:47 PM, Evan Hunt wrote:
On Tue, Apr 11, 2017 at 10:20:31PM +0200, Florian Weimer wrote:
And in order to accommodate them, we upgrade the DNS server
infrastructure across the Internet?
Them, and web browser implementers who just don't want to use SRV.
SRV wouldn't work anyway
On Tue, Apr 11, 2017 at 10:20:31PM +0200, Florian Weimer wrote:
> And in order to accommodate them, we upgrade the DNS server
> infrastructure across the Internet?
Them, and web browser implementers who just don't want to use SRV.
We did the best we could to ensure it can be deployed gradually,
On 04/11/2017 10:16 PM, Evan Hunt wrote:
On Tue, Apr 11, 2017 at 09:11:54PM +0200, Florian Weimer wrote:
I don't see how you can detect loops without DNS protocol changes. The
query that comes back will look like a completely fresh query.
We can put a limit on the number of hops that are foll
On Tue, Apr 11, 2017 at 10:21:13PM +0200, Florian Weimer wrote:
> But what happens when the target server also performs cache filling at
> the same time?
If two servers end up being unable to populate their address records
because they're depending on each other for answers, then you end up with
On 04/11/2017 10:15 PM, Tony Finch wrote:
On 11 Apr 2017, at 20:39, Florian Weimer wrote:
On 04/11/2017 09:15 PM, Tony Finch wrote:
That doesn't work if the web server is at 3rd party provider A but you want
provider B's mail service not provider A's.
I don't understand.
I think it boils
On Tue, Apr 11, 2017 at 09:11:54PM +0200, Florian Weimer wrote:
> I don't see how you can detect loops without DNS protocol changes. The
> query that comes back will look like a completely fresh query.
We can put a limit on the number of hops that are followed in populating
the A and record
On 04/11/2017 09:15 PM, Tony Finch wrote:
On 11 Apr 2017, at 20:09, Florian Weimer wrote:
On 04/11/2017 08:42 PM, Tony Finch wrote:
If you have a subdomain that needs to be a mail domain and a web site, you
need an MX pointing at your mail server and address records pointing at
your web ser
On 04/10/2017 12:04 PM, Peter van Dijk wrote:
Section 3 is currently written in such a way that a recursive DNS
lookup must be performed at the authoritative server side. I don't
think it is necessary to require that. A recursive DNS lookup of the
target is just one way to implement this.
Wh
> On 11 Apr 2017, at 20:09, Florian Weimer wrote:
>
>> On 04/11/2017 08:42 PM, Tony Finch wrote:
>>
>> If you have a subdomain that needs to be a mail domain and a web site, you
>> need an MX pointing at your mail server and address records pointing at
>> your web server. You can't use a CNAME
On 04/11/2017 08:42 PM, Tony Finch wrote:
Paul Wouters wrote:
Can you give me an example of deploying ANAME outside the zone APEX that
is not solved by allowing a CNAME to point to a CNAME (which most code I
think already allows anyway)
https://www.ietf.org/mail-archive/web/dnsop/current/msg
On 04/11/2017 05:45 PM, Tony Finch wrote:
Florian Weimer wrote:
I think the introduction should discuss why it is not possible to push the
CNAME to the parent zone, replacing the entire zone with an alias.
You can't replace an entire zone with a CNAME if it has subdomains. ANAME
records are
Paul Wouters wrote:
>
> Can you give me an example of deploying ANAME outside the zone APEX that
> is not solved by allowing a CNAME to point to a CNAME (which most code I
> think already allows anyway)
https://www.ietf.org/mail-archive/web/dnsop/current/msg19909.html
If you have a subdomain tha
On Tue, 11 Apr 2017, Tony Finch wrote:
ANAME records are not just for zone apexes. There are lots of other cases where
address records need a different alias target from MX records, or NAPTR
records, etc.
Can you give me an example of deploying ANAME outside the zone APEX that
is not solved by
Evan Hunt wrote:
>
> Expansion of ANAME on the authoritative end is a workaround for the
> fact that we can't go back in time and put ANAME support into all
> the resolvers.
On the authoritative side I think server behaviour should be partitioned
into primary and secondary:
Primary servers are a
Florian Weimer wrote:
>
> I think the introduction should discuss why it is not possible to push the
> CNAME to the parent zone, replacing the entire zone with an alias.
You can't replace an entire zone with a CNAME if it has subdomains. ANAME
records are not just for zone apexes. There are lots
Hello Jan,
On 10 Apr 2017, at 16:16, Jan Včelák wrote:
> On Fri, Apr 7, 2017 at 8:11 PM, Evan Hunt wrote:
>> Here's the new ANAME draft I mentioned last week.
>
> Besides that, The Security Section should warn DNS operators that
> ANAME may be misused to leak data from any internal networks the
>
On Sat, Apr 08, 2017 at 06:32:12PM -0400, Paul Wouters wrote:
> > Resolvers don't ask for ANAME. They ask for A/, and get an A/
> > answer, along with an ANAME record so they can go directly to the source
> > and get a better answer if they support that.
>
> If these are the premises for A
In article <44ae341f-0424-14c7-2834-656991d40...@bellis.me.uk> you write:
>> Many TLD registries simply don't permit CNAMEs instead of delegations
>> for their customer domains.
>>
>> The only one I've heard of that does is .de
>
>My real point being that the parent / child relationship can have p
On Fri, Apr 7, 2017 at 8:11 PM, Evan Hunt wrote:
> Here's the new ANAME draft I mentioned last week.
Hey, thanks for this one! I support the attempt to define a record
type that would cover the existing vendor-specific types that
synthesize A/ records in zone apex. If this gets adopted by the
On 10/04/2017 11:39, I wrote:
> Many TLD registries simply don't permit CNAMEs instead of delegations
> for their customer domains.
>
> The only one I've heard of that does is .de
My real point being that the parent / child relationship can have policy
rules in place that prevent things that a
On 10/04/2017 11:04, Peter van Dijk wrote:
> Why this is not possible seems obvious to me, but we’ll see what we can
> write.
Many TLD registries simply don't permit CNAMEs instead of delegations
for their customer domains.
The only one I've heard of that does is .de
Ray
On 10 Apr 2017, at 11:29, Florian Weimer wrote:
On 04/07/2017 08:11 PM, Evan Hunt wrote:
Title: Address-specific DNS Name Redirection (ANAME)
I think the introduction should discuss why it is not possible to push
the CNAME to the parent zone, replacing the entire zone with an alias.
On 04/07/2017 08:11 PM, Evan Hunt wrote:
Title: Address-specific DNS Name Redirection (ANAME)
I think the introduction should discuss why it is not possible to push
the CNAME to the parent zone, replacing the entire zone with an alias.
Section 3 is currently written in such a way th
On 10 Apr 2017, at 1:04, Richard Gibson wrote:
On Sun, Apr 9, 2017 at 3:56 PM, Peter van Dijk wrote:
This section calls for limiting the TTL of cached address records to the
lesser of the ANAME TTL and the TTL of the retrieved address records, but
section 3 requires servers to follow chaine
On Sun, Apr 9, 2017 at 3:56 PM, Peter van Dijk wrote:
> Thank you for taking the time for this.
My pleasure; this topic has frequently been on my mind over the past
several years. Thank you for drafting it.
*Section 3.1*
>>
>
>> This section calls for limiting the TTL of cached address records
Hello Richard,
On 9 Apr 2017, at 3:38, Richard Gibson wrote:
I'm happy to see progress being made on this front. Some comments:
Thank you for taking the time for this.
*Section 3.1*
This section calls for limiting the TTL of cached address records to the
lesser of the ANAME TTL and the TT
I'm happy to see progress being made on this front. Some comments:
*Section 3.1*
This section calls for limiting the TTL of cached address records to the
lesser of the ANAME TTL and the TTL of the retrieved address records, but
section 3 requires servers to follow chained responses. Are the TTLs
On Fri, 7 Apr 2017, Evan Hunt wrote:
The hope here is that, in the long run, ANAME resolution would be the job
of the resolver, which is in a position to get the best answer for its
clients, given geolocation and topology considerations.
Expansion of ANAME on the authoritative end is a workarou
Hi Paul,
On Fri, Apr 07, 2017 at 05:16:14PM -0400, Paul Wouters wrote:
> When a recursive resolver sends a query of type A or and
> receives a response with an ANAME RRset in the answer section, it
> MUST re-query for the ANAME . This is necessary because, in
> some cases, th
On Fri, 7 Apr 2017, Evan Hunt wrote:
Here's the new ANAME draft I mentioned last week.
I like this one a little better, but :)
When an ANAME record is present at a DNS node and a query is received
by an authoritative server for type A or , the authoritative
server returns the ANA
Hi Job,
On 7 Apr 2017, at 20:24, Job Snijders wrote:
> Dear Evan & Authors,
>
> Can you add a RFC 7942 section to this document?
Absolutely, we’ll do that in -01.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Dear Evan & Authors,
Can you add a RFC 7942 section to this document?
Pending an IANA Early Allocation, I expect these implementations to be
residing in private / beta branches until a DNS RR data type value has
been assigned.
I think it will be beneficial for the working group dialogue to have
Greetings,
Here's the new ANAME draft I mentioned last week.
This is similar to existing non-standard approaches (ALIAS records,
CNAME-flattening, etc) but also sends the ANAME record to the resolver so
that, if the resolver understands the ANAME type, it can re-query for the
answer just as it wo