On Tue, May 11, 2021 at 2:49 PM Ben Schwartz <bem...@google.com> wrote:

>
>
> On Tue, May 11, 2021 at 2:31 PM Brian Dickson <
> brian.peter.dick...@gmail.com> wrote:
> ...
>
>> Another way to put it is, the SvcParameters are actually bound to the
>> TargetName, not the owner name of the HTTPS record, and the Web/CDN
>> provider is (semantically speaking, not DNS-speaking) "authoritative" for
>> those parameters.
>>
>> Is this accurate?
>>
>
> It sounds like one of the deployment arrangements that is anticipated by
> the draft.
> ...
>
>> In the current design, the domain owner needs to, in effect, do a
>> copy/paste from each Web/CDN provider's information into the domain owner's
>> own DNS zone, including the TargetName and SvcParameters.
>>
>
> No, as you noted, this is definitely a bad idea, and is not required or
> recommended in the draft.  Instead, the domain owner should use CNAME and
> AliasMode records to alias to an HTTPS ServiceMode record maintained by the
> CDN.  See the Examples section (
> https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-05.html#name-examples
> ).
>
>

I'm maybe confused here... I thought the AliasMode (or CNAME) would only
work if there is exactly one CDN provider.
What would the domain owner need to do for having two CDN providers, at
different Priority levels (or at the same Priority level)?

Or in that case, would each TargetName itself point to a name with an HTTPS
(or SVCB) record with its own SvcParams?
I.e. something like this:
foo.example.com HTTPS 1 foo.example.com.cdn1.example.org
foo.example.com HTTPS 2 foo.example.com.cdn2.example.net

(and hosted on their respective domains)
foo.example.com.cdn1.example.org HTTPS 1 . alpn=h2,h3
foo.example.com.cdn1.example.org A <A_RDATA>

foo.example.com.cdn2.example.net HTTPS 1 . alpn=h2,h3
foo.example.com.cdn2.example.net A <A_RDATA>
foo.example.com.cdn2.example.net AAAA <AAAA_RDATA>

Is this something that is likely to be common or at least supported?
If so, it might make sense to put that in as an example of where and how
the actual ALPN binding part is done, where it differs from where the
TargetName is used to link domains.

Brian


> ...
>
>> If the parameter sets were managed by the Web/CDN provider, and given a
>> distinct DNS name (and referenced by name rather than value), the
>> scalability of the bindings would likely improve, e.g. reference via CNAMEs
>> (with the CNAME targets being long-lived and cacheable).
>>
>
> Yes, this is the goal of the draft, and the behavior documented by the
> draft's CDN examples.
>
>

Okay, I think the question/clarification above is what was missing.
Also, if the normal usage by CDN clients (versus CDN operators), where
multiple CDNs are used, does not require any SvcParams, that might make the
concern about the "key=value" lists vs "key,value" RRsets less onerous.

Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
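
Added example, not part of the original message or of the draft: a small Python parser for the HTTPS records in the two-CDN layout sketched in the message above, reporting which owner names actually carry the alpn SvcParam. It assumes the simplified presentation form used in the message (whitespace-separated fields, unquoted values, names taken as written); the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: the HTTPS records from the message above (A/AAAA omitted).
ZONE = """\
foo.example.com HTTPS 1 foo.example.com.cdn1.example.org
foo.example.com HTTPS 2 foo.example.com.cdn2.example.net
foo.example.com.cdn1.example.org HTTPS 1 . alpn=h2,h3
foo.example.com.cdn2.example.net HTTPS 1 . alpn=h2,h3
"""

def parse_record(line):
    """Parse one 'owner TYPE priority target [key=value ...]' line."""
    owner, rtype, prio, target, *raw = line.split()
    if rtype not in ("HTTPS", "SVCB"):
        raise ValueError(f"not an SVCB-family record: {line!r}")
    prio = int(prio)
    if not 0 <= prio <= 65535:
        raise ValueError(f"SvcPriority out of range: {prio}")
    params = {}
    for item in raw:
        key, _, value = item.partition("=")
        if key in params:  # each SvcParamKey may appear at most once
            raise ValueError(f"duplicate SvcParamKey {key!r}")
        params[key] = value.split(",") if key == "alpn" else value
    # SvcPriority 0 is AliasMode; any other value is ServiceMode.
    mode = "AliasMode" if prio == 0 else "ServiceMode"
    # In ServiceMode a TargetName of "." stands for the owner name itself.
    if mode == "ServiceMode" and target == ".":
        target = owner
    return {"owner": owner, "priority": prio, "mode": mode,
            "target": target, "params": params}

def by_owner(zone_text):
    """Group parsed records by owner name, lowest SvcPriority first."""
    grouped = defaultdict(list)
    for line in zone_text.splitlines():
        if line.strip():
            rec = parse_record(line)
            grouped[rec["owner"]].append(rec)
    for recs in grouped.values():
        recs.sort(key=lambda r: r["priority"])
    return dict(grouped)

def alpn_owners(zone_text):
    """Owner names whose records actually carry an alpn SvcParam."""
    return sorted(o for o, recs in by_owner(zone_text).items()
                  if any("alpn" in r["params"] for r in recs))

if __name__ == "__main__":
    for owner, recs in by_owner(ZONE).items():
        for r in recs:
            print(owner, r["mode"], r["priority"], r["target"], r["params"])
```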
