> On 20 Jun 2018, at 12:06 pm, Paul Ebersman <[email protected]> wrote: > > bellis> AIUI, a large part of the supposed issue with SRV was the > bellis> inertia of the installed base of browsers that wouldn't know how > bellis> to access them. > > drc> I thought the more fundamental problem was the additional latency > drc> caused by the second lookup since SRV specified domain names as > drc> targets. > > You're not mis-remembering this. I hear this from the major browser > folks every time we mention SRV. We may or may not think this isn't > relevent (or that dozens of embedded objects are way slower to load on a > web page) but it doesn't matter. If browser folks believe this and won't > change, we aren't likely to convince them if we haven't by now. > > SRV is a technically cleaner solution that will never get deployed... > > While I understand cautions about changing CNAME, legacy issues, > etc. I've come more and more to the camp that we lost this argument > years ago and we should just let server software folks allow CNAME at > apex and be done. > > This is DNSOP. Operational. The world wants CNAME at apex. Let's give it > to them. > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop
CNAME at the apex really will be the straw that broke the camel’s back. To do it we would have to redo DNSSEC. Rewrite thousands of lines of code because the browser vendors are too pig headed to even attempt to move to using SRV. Really would it cost them anything to perform the SRV lookups? It’s not like they can’t do the two lookups in parallel. One could even take _http._tcp and _https._tcp as a signal to fully populate the additional section before returning. That way you get single query either way. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
