On Wed, Feb 26, 2020 at 2:34 PM Lanlan Pan <abby...@gmail.com> wrote:

> My option:
> 1) ANAME just configured in zonefile, and analyzed by authoritative server.
> 2) Authoritative server responds to recursive (or resolver) on its policy
> as before, such as geo-ip, GSLB, ...
> 3) No upgrade on recursive and resolver.
>

I don't follow how this works for the non-trivial static case.
You have two authoritative parties, one for the authoritative zone
and one authoritative for the ANAME target.
Both are operated by different entities.

The logic and policy for the ANAME target (involving geo-ip, GSLB, etc)
is often highly dynamic and proprietary.  How does this get conveyed
from the authorities for the ANAME target to the authorities for the zone
containing the ANAME?  This is where we seem to get stuck.

CNAMEs provide an abstraction here given that they're implemented
and followed by recursives so policies can be implemented based
on the recursive IP and/or the ECS sent by the recursive IP.

With an authority-only ANAME, the geo-ip/GSLB/etc policy can't
be implemented by the authority for the zone containing the ANAME
and any requests the authority makes won't be fine-grained enough
to be useful.

If the customer problem is "I want to be able to CNAME example.com to
example.com.some-example-cdn.net" then ANAME won't solve it if
users don't get directed to the right place or if the service provider
for the target of the ANAME makes it clear that this configuration
voids any performance+availability SLAs.

       Erik
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
