On Fri, 14 Oct 2016, Stephane Bortzmeyer wrote:
"Using DNAME in the DNS root zone for sinking of special-use TLDs" ?
On Fri, Oct 14, 2016 at 10:04:21AM -0400,
Paul Wouters <paul at nohats.ca> wrote
a message of 19 lines which said:
But by adding delegations in the root to AS112, aren't we making it
more likely that the queries leak further onto the net?
That's precisely the point described in section 6, second paragraph.
The difference is between "doing the draft and reducing the problem
caused" versus "this problem is big enough to not do the draft".
I do not know yet where I stand on this. I do feel that since we are
talking about "bad old DNS software" that wouldn't already be suppressing
special use names, it is most likely that this old software also does
not support DNAMEs.
Paul
One of the cleverer things about DNAME is that it requires synthesis of
QNAME-matching CNAMEs.
So, if the stub client does not speak DNAME but the resolver does, the
resolver MUST synthesize the CNAME.
And, if the resolver does not speak DNAME, it only understands the
synthesized CNAME and only caches that.
Of course, in the AS112 usage, it is a DNAME or CNAME to an NXDOMAIN, by
design.
I think that any other proposal (e.g. Mark A's idea, or other localized
things) can happily co-exist with the AS112 thing.
At a minimum, it lowers the rate of noise queries to root servers.
One possible beneficial side-effect is the encouragement of deployment of
more AS112 instances.
I think it is worth documenting, and then seeing how much support there is
once the wording is polished.
Identifying the benefits and cases that it best fits are useful, IMHO.
I think demonstrating that the idea of "Do AS112 for ALT, and be done with
it" scales well, is something it could document.
Brian
P.S. Apologies for any formatting wonkiness. Cut/paste from archives, which
is where I read some groups these days.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
