Hi, On Tue, Jul 18, 2017 at 05:09:00PM +0100, Tony Finch wrote: > In my view an authoritative server which does online signing and on-demand > record synthesis is a master server. You can make all your public > authoritative servers into masters if you like, but it must not be > required. > > If (like me) you have a more traditional setup then ANAME is an > instruction to the master server about zone maintenance, saying that it > needs to periodically update the sibling A and AAAA records, similar to > periodic re-signing, or as if some script were periodically `nsupdate`ing > the records. The secondary servers can continue to work the same as they > do now, but they'll work better if they know about some helpful additional > section rules for ANAME.
I think I (at least mostly) agree. One possible way to sort out these bits of potential confusion is to break the problem up into conceptual parts, so that one can see the way that they work together. One part is, "How do you give this instruction to the master server(s)?" It covers representation in the master file format, what a master is supposed to do on input, how to refresh the data, and so on. A second part is, "How do you give this instruction to a slave?". This covers transferring zones, the trade-offs in handing the slaves the ANAME vs the "resolved" records, refresh timers and so on. DNSSEC considerations at least are split between these, which suggests to me that these topics could be covered by one document in two parts; but these are nevertheless separate and separable functional questions. A third part has to do with downstream resolvers and caches and so on. This is really a separate problem: how to handle ANAME-aware vs ANAME-unaware systems, the consequences of an ANAME-unaware cache ending up with an ANAME in the cache, the effects of having an A and not AAAA in cache, &c &c. A fourth part, which might be yet a separate problem or might be the same document, is what this all looks like from a stub and what happens when there are chains of forwarders and caches and so on with a mix of ANAME-awareness and -obliviousness. I still think that in addition a clear description of why this is hard would be helpful. The troublesome thing about Stupid DNS Tricks is that they're always >80% there, and all the really hard parts are in that last <20%, and the difficulties in those <20% cases are manifold and completely unexpected when you think in the abstract cases. The people who worked through all the gnarly problems of caches and the interaction with DNSSEC already went through this once (I came in at the tail end and mercifully missed most of that), but we're about to revisit those problems for a different set of questions. I think we need to understand why this is more complicated than it looks, and I think any future implementer will need a clear guide to that also. ### WARNING: IETF ADMINISTRATIVE WRANGLING AHEAD ### Since there's been talk about an interim, it strikes me that the current issue is the sort of specific topic that deserves one. But I also wonder whether this isn't bumping up pretty hard against the DNSOP charter, and whether this mightn't be a case where we put together a tightly focussed statement of work that gets chartered as a WG, with a plan never to meet (or to meet only as "part of" a DNSOP meeting or something like that), if only to avoid pain and misery when the documents describing all this go to IETF LC. I am not interested even a little bit in making more administrative overhead, but I'm very much interested in avoiding a "this is off charter" discussion during IETF LC should we get there. Best regards, A -- Andrew Sullivan a...@anvilwalrusden.com _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop