On Mon, Sep 22, 2014 at 7:06 AM, Tony Finch <d...@dotat.at> wrote: > The fun bit is that an auth server implementing some kind of proxying > ANAME is in a position very like Google and OpenDNS. That is, if the > target of the ANAME is a hostname provided by Akamai or CloudFlare or > whoever, and if the auth server is going to proxy the answer faithfully, > then it has to implement client-subnet.
I wonder if the best thing to do would be to define an ANAME/AAAANAME that can be negotiated by resolvers. If the resolver supports it (it can let the auth know via EDNS0) then the ANAME/AAAANAME is returned without resolution. If the resolver doesn't support it, then a synthetic A/AAAA can be returned. -- Colm _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
