On Tue, May 11, 2021 at 4:00 PM Ben Schwartz <bem...@google.com> wrote:
> On Tue, May 11, 2021 at 3:44 PM Brian Dickson <brian.peter.dick...@gmail.com> wrote:
>
>> On Tue, May 11, 2021 at 2:49 PM Ben Schwartz <bem...@google.com> wrote:
>>
>>> On Tue, May 11, 2021 at 2:31 PM Brian Dickson <brian.peter.dick...@gmail.com> wrote:
>>> ...
>>>
>>>> Another way to put it is, the SvcParameters are actually bound to the
>>>> TargetName, not the owner name of the HTTPS record, and the Web/CDN
>>>> provider is (semantically speaking, not DNS-speaking) "authoritative" for
>>>> those parameters.
>>>>
>>>> Is this accurate?
>>>
>>> It sounds like one of the deployment arrangements that is anticipated by
>>> the draft.
>>> ...
>>>
>>>> In the current design, the domain owner needs to, in effect, do a
>>>> copy/paste from each Web/CDN providers' information into the domain owner's
>>>> own DNS zone, including the TargetName and SvcParameters.
>>>
>>> No, as you noted, this is definitely a bad idea, and is not required or
>>> recommended in the draft. Instead, the domain owner should use CNAME and
>>> AliasMode records to alias to an HTTPS ServiceMode record maintained by the
>>> CDN. See the Examples section (
>>> https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-05.html#name-examples
>>> ).
>>
>> I'm maybe confused here... I thought the AliasMode (or CNAME) would only
>> work if there is exactly one CDN provider.
>> What would the domain owner need to do for having two CDN providers, at
>> different Priority levels (or at the same Priority level)?
>
> Multi-CDN support is described here:
> https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-05.html#name-multi-cdn
> It works exactly like multi-CDN works today, juggling multiple CNAMEs to
> avoid copying CDN IPs into the customer zone.
>
> I think a standardized mechanism to simplify management of this
> arrangement might be useful, but it is largely independent of SVCB and can
> be developed separately if there is interest.

Okay, so let me ask a (stupid) question:
What is the difference between

    foo.example.com HTTPS 0 foo.example.net

and

    foo.example.com HTTPS 1 foo.example.net

(and assume there is an HTTPS record at foo.example.net, which is the same
in both of those example cases.)

Brian
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
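
Added example (not part of the original message, and not code from the draft or its authors): a simplified Python model of how a client treats the two records in the question, using the draft's rule that SvcPriority 0 is AliasMode and any other value is ServiceMode. The owner names alias.example.com and service.example.com, the SvcParams placed at foo.example.net, and the function resolve_https are constructed for illustration.

```python
# Constructed sample zone (not from the thread): owner name -> HTTPS RRset,
# each record a tuple (SvcPriority, TargetName, SvcParams).
ZONE = {
    "alias.example.com.":   [(0, "foo.example.net.", {})],
    "service.example.com.": [(1, "foo.example.net.", {})],
    "foo.example.net.":     [(1, ".", {"alpn": "h2,h3", "port": "8443"})],
}


def resolve_https(name, zone, max_aliases=8):
    """Return [(endpoint_host, SvcParams)] in preference order for `name`.

    Simplified model of the client behaviour (assumptions: no CNAME
    handling, no mandatory-key checks, the first AliasMode record wins).
    """
    owner = name
    for _ in range(max_aliases + 1):
        rrset = zone.get(owner, [])
        aliases = [r for r in rrset if r[0] == 0]
        if aliases:
            # AliasMode: SvcParams are ignored and the HTTPS query is
            # repeated at TargetName, so the target's own records apply.
            target = aliases[0][1]
            if target == ".":
                return []  # "." in AliasMode: service not available
            owner = target
            continue
        if not rrset:
            # No HTTPS records here: connect to this name with defaults.
            return [(owner, {})]
        # ServiceMode: TargetName is the endpoint itself ("." = owner name).
        # The HTTPS RRset at TargetName is not consulted, only its addresses,
        # so parameters published there are not inherited.
        ordered = sorted(rrset, key=lambda r: r[0])
        return [(owner if t == "." else t, dict(p)) for _, t, p in ordered]
    # Bound the chain so a loop of aliases cannot keep the client querying.
    raise RuntimeError("alias chain too long")


if __name__ == "__main__":
    for qname in ("alias.example.com.", "service.example.com."):
        print(qname, "->", resolve_https(qname, ZONE))
```

In this model the priority-0 record picks up whatever SvcParams the operator of foo.example.net publishes, while the priority-1 record with no SvcParams names the same host as an endpoint with default parameters only.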