All

Thanks for this highly entertaining and also information conversation.  I
apologize for kicking up the dust but I feel this is one of those
conversations where the end-users/operators and protocol people are
disconnected.    I do know when we talked with several DNS providers about
a standard was of synthesizing names at the apex, we encountered a similar
level of pushback.  Most of them spent the time explaining how
sophisticated their method was over Vendor Y.

But I don't think it's an impossible problem to solve, and this thread is
full of very smart people attempting to do that.   I admit I look at this
problem too much through the lens of someone who thinks about operational
issues. (I am probably not the only one here who was paged in the middle of
the night when someone rolled out 9.12 without reading the fine print).

What we do know is:

 - We're not going to do SRV records (sorry Mark).
 - We're not going to ask the IAB to give a waiver on DNSSEC.
 - We still bang into each other over this.

The chairs have decided to set aside some time in Montreal and see if we
can work through this problem.  We've asked Ondřej  from ISC and Willem
from NLnetLabs to help guide the talk.

Thanks
Tim




On Mon, Jun 25, 2018 at 1:00 PM, Paul Vixie <p...@redbarn.org> wrote:

>
>
> Tony Finch wrote:
>
>> Paul Wouters<p...@nohats.ca>  wrote:
>>
>>> I understand, I just disagree this is the right way. I don't see why
>>> this entire problem shouldn't be resolved at the well, resolver level.
>>>
>>
>> I don't see how that can be deployed in a way that is compatible with
>> existing software.
>>
>
> there are now a half dozen x.x.x.x (where x is the same in all four
> octets) public anycast resolvers. if they can all be upgraded to handle
> dnssec or ECS, they can all be upgraded to handle something like ANAME.
>
> the "resolver" here is the recursive, not the stub. stubs believe what
> they hear, for good or ill. if we need to change what they hear, it's not
> as impossible as changing what they understand.
>
> --
> P Vixie
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to