On Mon, 25 Jun 2018, Tony Finch wrote:
Then you might as well use that mechanism to update A/AAAA records and
skip the intermediate ANAME?
ANAME will add two things beyond a provisioning-only setup:
* a standard way to signal to dynamic auth servers where to get A/AAAA
records from
I understand, I just disagree this is the right way. I don't see why
this entire problem shouldn't be resolved at the well, resolver level.
* a way to signal to recursives that they might get a better answer if
they query the target themselves
This you can do with ANAME records that are provisioned, and the only
modification needed would be to add ANAME to the additional/answer
section on auth servers. That's quite different from adding a protocol
requiring auth nameservers to interpret/fetch/verify/replace zone
records.
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
