Paul Vixie <p...@redbarn.org> wrote:
>
> what do you expect non-dynamic servers to do in the presence of ANAME? i
> assume you'll recommend that they also host real A and AAAA RRsets at the same
> name-node, which only a dynamic authoritative would ignore?
Yes.
> if so, there's a third work flow available, which is to use RFC 2136 dynamic
> update to periodically update those "last resort" or "static" A and AAAA
> RRsets, for a non-dynamic server.
Yes.
> and if so, why aren't we just specifying that, and avoiding the creation of a
> new kind of authority server ("dynamic")?
A dynamic auth is (from the point of view of the trad DNS model) a kind of
master server: it has the signing keys (which secondaries don't), it
determines the contents of the zone according to its own rules (whereas
secondaries passively receive contents from elsewhere). Services like
Route53 and Dyn are effectively multi-master setups.
Dynamic auth servers exist. I would be pleased if ANAME makes it easier
for zone owners to move between providers with fewer portability problems
due to proprietary DNS extensions. Dunno how plausible that is, but
there's clearly demand, e.g. my favourite example (because they're using
one of my tools):
https://www.theguardian.com/info/developer-blog/2016/dec/23/multiple-dns-synchronising-dyn-to-aws-route-53
Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
South Utsire: Northwesterly 5 to 7. Moderate, occasionally rough in south.
Fair. Good.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
