On Sat, Apr 08, 2017 at 06:32:12PM -0400, Paul Wouters wrote:
> > Resolvers don't ask for ANAME. They ask for A/AAAA, and get an A/AAAA
> > answer, along with an ANAME record so they can go directly to the source
> > and get a better answer if they support that.
> 
> If these are the premises for ANAME, and its special handling, wouldn't
> it be better to generalise asking for multiple records (eg A + AAAA
> + ANAME) where ANAME has no special handling on its own? And then do the
> generalised multi-query-at-once using one of the previously suggested
> proposals?

I must have been unclear -- I meant the slash to mean "or". This isn't
about getting back multiple records. I did include a MAY in there saying
that if you query for an A you can get AAAA in the additional section, and
vice versa, but that's not the central point of ANAME at all.

This is a mechanism for redirecting address queries. Because it's limited
to address types, it can, unlike CNAME, be used at the zone apex.

So the initial query is going to be for type A or type AAAA. (If we ever
invent a third address family, that would count here as well.)  The
response is going to be an ANAME record plus the address you asked for.
That address has to be looked up by the auth in case the querying resolver
doesn't have ANAME support, but if the resolver *does* have ANAME support,
then it repeats the lookup on its own behalf, just as it would do if it got
back a CNAME.

> Then people who want to ask (A + AAAA + TLSA) or (A+AAAA+SSHFP) or
> (A+AAAA+IPSECKEY) could use the same mechanism. And ANAME would just be
> a regular DNS record without any abnormal processing.

Fine idea but not related.  ANAME == CNAME for addresses.

-- 
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
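To make the flow Evan describes concrete, here is a small constructed model (added here, not code from the thread or from any ISC implementation, and not a real ANAME implementation since ANAME was only a draft) of an authoritative server that returns ANAME plus the requested address type, and a resolver that either accepts that address or, if it is ANAME-aware, re-resolves the target the way it would chase a CNAME. The zone contents, names and addresses are constructed; the ANAME semantics are abstracted as described in the message.

```python
"""Toy model of the ANAME flow: constructed zone, constructed names."""
from typing import Dict, List, Tuple

# Constructed zone: the apex carries an ANAME to a CDN-style target
# plus its own non-address data (TXT), which ANAME must not redirect.
ZONE: Dict[str, Dict[str, List[str]]] = {
    "example.test.": {"ANAME": ["cdn.example.test."], "TXT": ["v=spf1 -all"]},
    "cdn.example.test.": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
}

ADDRESS_TYPES = ("A", "AAAA")   # the only types ANAME redirects
MAX_CHAIN = 8                   # guard against ANAME loops

RR = Tuple[str, str, str]       # (owner, type, rdata)


def auth_query(name: str, rtype: str) -> List[RR]:
    """Authoritative side.

    For an address query at an owner that has an ANAME, the auth looks
    up the target itself and returns the ANAME record followed by the
    target's addresses of the requested type, so an ANAME-unaware
    resolver still receives a usable answer. Other types are untouched.
    """
    rrset = ZONE.get(name, {})
    if rtype in ADDRESS_TYPES and "ANAME" in rrset:
        target = rrset["ANAME"][0]
        answer: List[RR] = [(name, "ANAME", target)]
        answer += [(name, rtype, ip) for ip in ZONE.get(target, {}).get(rtype, [])]
        return answer
    return [(name, rtype, rd) for rd in rrset.get(rtype, [])]


def resolve(name: str, rtype: str, aname_aware: bool, hops: int = 0) -> List[str]:
    """Resolver side.

    An ANAME-unaware resolver simply uses the addresses the auth
    synthesized. An ANAME-aware resolver re-queries the target on its
    own behalf, exactly as it would when following a CNAME.
    """
    response = auth_query(name, rtype)
    targets = [rd for _, t, rd in response if t == "ANAME"]
    if aname_aware and targets and hops < MAX_CHAIN:
        return resolve(targets[0], rtype, aname_aware, hops + 1)
    return [rd for _, t, rd in response if t == rtype]


if __name__ == "__main__":
    for aware in (False, True):
        print("aware" if aware else "unaware", resolve("example.test.", "A", aware))
```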

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop