On 21.05.2014 11:52, Ralf Weber wrote:
Moin!
Hi Ralf,
Oh and then came DNAME for redirecting whole domain trees and that might have been a nice idea if I have a couple of domains and want them all to have the same data. But I do not know of Registries/Registrars that picked that up. Or is there widespread deployment?
To my knowledge, the .gr TLD registry uses DNAME besides puntCAT (.cat), in whose operation I am involved. From a technical perspective, we have not encountered problems with DNAMEs so far, but, of course, the registrants would prefer to be able to use the variant name without a subdomain prefix as well.
With the new gTLDs, those customers of us who intend to offer variants preferred not to use DNAME variants, not only because of the risk of getting special attention from ICANN ("extended validation"), but also because of the redirection problem of the variant name itself. As the alternatives also have operational deficits as well, I do not regard it as impossible that future gTLDs would use a fully working DNS redirection or that even existing gTLDs/ccTLDs would move to that once available. But this is, of course, my humble opinion, not based on any inquiry.
Now having an ENAME that initially will break all existing DNSSEC resolvers (Who can't validate any longer, because they don't support the algorithm yet) is IMHO not the right message when we want people to deploy DNSSEC and especially do validation.
Well, I do not regard myself as an expert in DNS matters and cannot really estimate the impact of protocol changes, since I lack the "global view" to some extend (so I would have introduced IDNs as UTF-8 labels instead of the tricky, but still inconvenient Punycode, but that's another story). So my point of view is more that of a DNS user than of a protocol guru.
Regards, Klaus _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
