Regarding multiple AliasMode RRs, see https://www.rfc-editor.org/rfc/rfc9460.html#section-2.4.2-1:
"If multiple AliasMode RRs are present, clients or recursive resolvers SHOULD pick one at random." --Ben ________________________________ From: Joe Abley <jab...@strandkip.nl> Sent: Sunday, October 6, 2024 6:24 AM To: Ralf Weber <d...@fl1ger.de> Cc: Watson Ladd <watsonbl...@gmail.com>; dnsop <dnsop@ietf.org> Subject: [DNSOP] Re: Multiple SVCB/HTTPS records for same TargetName: possible errata in RFC 9460? On Oct 6, 2024, at 08:58, Ralf Weber <d...@fl1ger.de> wrote: > DNS wise this is totally fine. You can always have multiple resource > records of the same type for a name node. Except when you can't, like when the type is SOA or CNAME or DNAME. But SVCB and HTTPS were not defined to have those kinds of restrictions; quite the opposite, in fact, the interpretation of RRSets with more than one RR is specified quite clearly (but see below). > I don’t know a lot about ECH, > but wouldn’t it also make sense to have multiple keys there when you e.g > roll the backend keys and can not do that atomically? I don't know a lot about HTTP at all, never mind ECH, but it seems to me that the intention with multiple ServiceMode RRs with the same SvcPriority is that the consumer of the DNS response shuffles them in random order, then tries the configuration published in each of them one at a time until something works. Your use case makes sense to me. More generally, if your service is distributed across lots of different server elements, perhaps it's not feasible to update the configuration on all of them instantaneously, so clients need to be able to deal with two different server configurations when they connect depending on which server their connection lands on. If the service is provided on a single host, then you have DNS loose coherence to accommodate which means that the server needs to accommodate clients with both the old and new configuration. However, I did notice something in the spec that seemed a bit strange. RFC 9460 section 2.4.1 defines how to interpret the situation when an AliasMode and a ServiceMode RR are published in the same RRSet (you ignore the ServiceMode RRs) and also how to interpret the situation when multiple ServiceMode RRs are published in the same RRSet, both with equal and different SvcPriorities. But that section doesn't specify exactly what happens when there are multiple AliasMode RRs in the same RRSet. Maybe that should be specified? It's difficult to tell from the spec whether this situation was just not anticipated or whether the advice that follows in that section for consuming multiple ServiceMode RRs with the same SvcPriority should apply. Joe _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
_______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
