On 04/11/2017 10:47 PM, Evan Hunt wrote:
> On Tue, Apr 11, 2017 at 10:20:31PM +0200, Florian Weimer wrote:
>> And in order to accommodate them, we upgrade the DNS server
>> infrastructure across the Internet?
>
> Them, and web browser implementers who just don't want to use SRV.

SRV wouldn't work anyway because it is incompatible with existing name
resolution interfaces anyway.

If you do not insist on using SRV, but something that is just an alias
(like PTR, ANAME etc.) and processed in the client, it would be quite
straightforward to put this into the stub resolver, and then all
applications[*] would automatically get the addresses at the
substitution name (SNAME). Disallow multiple substitution names per
owner name and their chaining (but chaining to CNAME would be okay), and
I think it would just work.

But then DNS operators will worry about a 50% (from A/AAAA to
A/AAAA/SNAME) to 150% (from A/AAAA to A/AAAA/SNAME plus A/AAAA at the
SNAME) increase in query load. (SRV would be worse because there could
be multiple target names, all needing separate processing.) Would that
be acceptable? I don't know.

In fact, Firefox already solved the issue in the client: If you enter
the zone apex, and no address record exists, it automatically redirects
to the www name in the zone. Unfortunately, DNS operators broke that
when they started rewriting NODATA responses, injecting ads into
existing domains. So you really have to have addresses at the zone apex
these days.

Thanks,
Florian

[*] At least all applications which correctly deal with enterprise name
lookup, which can involve NIS and LDAP, too, not just DNS.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
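
The stub-resolver processing sketched in the message above, as an added example that is not part of the original post: a toy resolver over constructed in-memory zone data that applies the one-SNAME, no-chaining, CNAME-allowed rules and counts upstream queries. SNAME is the message's hypothetical record type; the class and function names, the zone contents, and the choice to prefer the owner's own addresses over its SNAME are assumptions.

```python
# Toy stub resolver for the SNAME idea. SNAME is hypothetical, not a real RR type.
# ZONE is constructed sample data: owner name -> {record type: [values]}.
ZONE = {
    "example.com.": {"SNAME": ["www.example.com."]},
    "www.example.com.": {"CNAME": ["edge.cdn.example."]},
    "edge.cdn.example.": {"A": ["192.0.2.10"], "AAAA": ["2001:db8::10"]},
    "plain.example.": {"A": ["192.0.2.20"]},
    "multi.example.": {"SNAME": ["a.example.", "b.example."]},
    "chain.example.": {"SNAME": ["example.com."]},
}


class StubResolver:
    def __init__(self, zone):
        self.zone = zone
        self.queries = 0  # upstream queries sent so far

    def _query(self, name, rtype):
        """One upstream query; the recursive server chases CNAMEs for us."""
        self.queries += 1
        for _ in range(8):  # bound the CNAME chain
            rrsets = self.zone.get(name, {})
            if rtype in rrsets or "CNAME" not in rrsets:
                return rrsets.get(rtype, [])
            name = rrsets["CNAME"][0]
        return []

    def _addresses(self, name):
        return self._query(name, "A") + self._query(name, "AAAA")

    def lookup(self, name):
        addrs = self._addresses(name)
        snames = self._query(name, "SNAME")  # always asked: A/AAAA/SNAME
        if addrs or not snames:
            return addrs  # assumption: the owner's own addresses win
        if len(snames) > 1:
            raise ValueError("multiple substitution names at " + name)
        # No chaining: an SNAME at the target is never queried or followed,
        # but a CNAME there is fine because _query resolves through it.
        return self._addresses(snames[0])


def query_cost(name, zone=ZONE):
    """Return (addresses, upstream query count) for one lookup."""
    resolver = StubResolver(zone)
    return resolver.lookup(name), resolver.queries


if __name__ == "__main__":
    for owner in ("plain.example.", "example.com.", "chain.example."):
        print(owner, *query_cost(owner))
```

Against a baseline of two queries (A and AAAA), the three-query and five-query lookups correspond to the 50% and 150% increases estimated in the message.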