On 2014-05-08 07:45, Barry Margolin wrote:
In article <mailman.171.1399542062.26362.bind-us...@lists.isc.org>,
  Tony Finch <d...@dotat.at> wrote:

Dave Warren <da...@hireahit.com> wrote:
DNSMadeEasy calls this an "ANAME" record, internally they just lookup the
destination's IP and cache it, updating it as needed.

It works, but it would be nice if this could be done in DNS. Sadly, it
can't,
and probably won't in our lifetimes.
Never say never :-)

You can implement something ANAME-alike with a script that polls the
A and AAAA records at the target name and does a DNS UPDATE on the owner
as necessary, but that might not scale too well.

There are a couple of difficulties with implementing ANAME inside the
server.

Firstly it implies a weird authoritative/recursive hybrid. A bit ugly but
not unreasonable.

Secondly, and more importantly, is the question of how this works with
zone transfers and secondaries. How do you ensure they support ANAME
records? Do you include a backwards compatibility hack by adding the A and
AAAA records to the zone?
It also has adverse implications for DNS-based CDN routing, e.g. Akamai.
Everyone will be routed to the servers close to the auth servers of the
domain containing the ANAME, instead of routing each end user to their
closest servers.

Indeed. Were such a thing implemented, I'd think it would be smart to have the authoritative server return both the ANAME and A records, allowing a compliant resolver to do it's own A record lookup to find an appropriate CDN endpoint, while older resolvers with no concept of ANAME would simply ignore it and use the (possibly-less-than-optimal) A record.

Arguably adjusting CNAME to allow it to coexist with other record types might be a better long-term solution, perhaps allowing CNAME to coexist with SOA, NS and DNAME records? Although allowing a CNAME to coexist with NS could have some interesting side effects. There might be backward compatibility issues that make this impossible, but I would hazard a guess that since DNAMEs already return a matching CNAME and nothing explodes, the problems would be minor and limited in scope.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to