Colm MacCárthaigh <c...@allcosts.net> wrote:
> On Mon, Jun 25, 2018 at 7:02 AM, Tony Finch <d...@dotat.at> wrote:
> >
> > That isn't required if the ANAME target records are fetched/updated by an
> > out-of-band provisioning process. A server will want to do it this way if
> > its query rate is bigger than the number of ANAME targets divided by
> > their TTLs.
>
> A challenge with that is that many people now use geographic or latency
> based DNS routing based on the resolver IP address or EDNS-client-subnet.
> That's one of the reasons why Route53's ALIAS works only for targets that
> Route53 is authoritative for.

I think there are two issues here:

If your server has special knowledge of the target then there's nothing
stopping it from taking short cuts to serve tricksy answers more
efficiently.

If you are worried about a third-party auth server handing out ANAME
targets that are suboptimal, then that is what recursive ANAME support
will fix.

At the moment a third-party auth server can't do any cunning tricks with
apex names, so it has to serve a suboptimal static answer; with ANAME, the
tricksy target service gains the option of moving traffic around with TTL
granularity, if not (in the short term before recursive support) more
fine-grained tricks.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Hebrides: Southwesterly 5 until later in northwest, otherwise variable 3 or 4.
Rough at first in northwest, otherwise slight or moderate. Mainly fair. Good,
occasionally poor.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
