On Fri, Jun 22, 2018 at 09:18:25PM -0400, John R Levine wrote:
> Like I said, it's a distinction without a difference.

The difference is implementation complexity, which maybe isn't of concern to you but has been of concern to some people who argued with me about ANAME on this basis early on. You *don't* have to implement a full resolver inside your auth server to get ANAME to work. That's all I'm trying to make clear.

Your point about having to deal with recursion failures is entirely valid. It's irreducibly a hack, but I'm still pretty sure a different rrtype than CNAME will be needed to get anything like this to work reliably.

(And, realistically, it isn't going to be SRV; it's going to have to be something that browsers get for free just by sending address queries, since that's all they're willing to do. A related idea that's occurred to me is an EDNS option that could be included with a query for example.com/A, which says "this query originated from a _http._tcp application, so do me a favor and check for SRV while you're at it, 'k?" But I'm pretty well convinced at this point that no browser vendor would ever lift a finger to use that information no matter how easy we made it for them. *All* of the finger-lifting will have to be done in the resolver.)

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.