Re: [dnsext] Some thoughts on the updated aliasing draft

"John Levine" <johnl@iecc.com> Sat, 26 March 2011 20:32 UTC

>But the reality is that the operators actually want the applications
>to treat two domain names as the same.  That's a lot harder than
>simply having the same IP returned when looking up an A record at
>each one.

This seems blindingly obvious to me, but I get the impression that
there is still a faction that thinks that if they can arrange for
matching A records, they're done.

>The only way around that that I can see at the moment is to either
>declare one record to be canonical (forcing applications to "correct"
>any names they are currently using to the canonical name) or use an
>additional layer of indirection so that all of the records that are
>the same point to some meta-target.

Agreed.  One point that I think is not well understood is that the
structure in the DNS and what the users see need not be perfectly
matched.  In particular, it's quite possible for the DNS to have one
canonical record with everything else pointing to it, but at the
application level all the names look the same.  If I were hacking on
my web or mail servers to handle this stuff, a simple way to do the
configuration would be to configure in the canonical name, and then
set a flag saying also to handle all of the aliases.

R's,
John
_______________________________________________
dnsext mailing list
dnsext@ietf.org
https://www.ietf.org/mailman/listinfo/dnsext
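
The configuration approach described in the message above (configure the canonical name, then set a flag to also handle the aliases), as an added example that is not part of the original post. The `ALIASES` table, the `VirtualHost` class and the `handle_aliases` flag are hypothetical, and the alias data is constructed rather than looked up in the DNS.

```python
# Added illustration; every name here is hypothetical, not from a real server.
# Constructed sample data: alias name -> target name, standing in for the
# "everything else points to one canonical record" structure in the DNS.
ALIASES = {
    "example.net": "example.com",
    "www.example.org": "example.net",
    "loop-a.example": "loop-b.example",
    "loop-b.example": "loop-a.example",
}

MAX_CHAIN = 8  # assumed upper bound on how many aliases are followed


def normalize(name):
    """Lower-case a host name, drop a ':port' suffix and a trailing dot."""
    host = name.strip().lower()
    if ":" in host and not host.startswith("["):
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def canonical_of(name, lookup=ALIASES.get):
    """Follow aliases to the end of the chain; None on a loop or overlong chain."""
    seen = set()
    name = normalize(name)
    while True:
        if name in seen or len(seen) >= MAX_CHAIN:
            return None
        seen.add(name)
        target = lookup(name)
        if target is None:
            return name  # no further alias: this is the canonical name
        name = normalize(target)


class VirtualHost:
    """One configured canonical name plus a flag to also serve its aliases."""

    def __init__(self, canonical, handle_aliases=False):
        self.canonical = normalize(canonical)
        self.handle_aliases = handle_aliases

    def serves(self, requested):
        requested = normalize(requested)
        if requested == self.canonical:
            return True
        if not self.handle_aliases:
            return False  # matching addresses alone do not make names equal
        return canonical_of(requested) == self.canonical
```

Names that fail to resolve to the configured canonical name, including alias loops, are rejected rather than served by default.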