Re: [DNSOP] I-D Action: draft-ietf-dnsop-dnssec-key-timing-05.txt

2014-09-22 Thread Paul Hoffman
On Sep 18, 2014, at 11:51 AM, Tim Wicinski wrote: > This document has been in WGLC and the working group has done an iteration on > the document. The authors merged in several sets of changes, first back in > July, and recently from the feedback from the working group reviewers and > editors.

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Paul Wouters
On Mon, 22 Sep 2014, bert hubert wrote: Feedback welcome! I note that there has been discussion on EDNS0 probing and other fancy things, but please note that this feature is needed to solve a problem we have today. This means it can't involve upgrades to infrastructure except for that operated b

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread bert hubert
Based on the discussions here (thanks!), I've now written this up as: https://github.com/PowerDNS/pdns/blob/alias/pdns/docs/alias.md The ALIAS record The ALIAS record leads authoritative servers to synthesize A or records in case these are not present. The source of the synthesized A or

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread bert hubert
On Mon, Sep 22, 2014 at 01:37:03PM -0400, Olafur Gudmundsson wrote: > I’m getting confused about what the exact semantics of the proposed > mechanisms are. We're here to figure those out. Thanks for your input Olafur, appreciated! > > Q1: The intent is that ALIAS/ANAME/etc are a fallback rewr

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Olafur Gudmundsson
I’m getting confused about what the exact semantics of the proposed mechanisms are. Q1: The intent is that ALIAS/ANAME/etc are a fallback rewrite operation if the name does not have the type asked for? Q2: Is there a good reason to restrict this to just the apex of a zone? Q3: Is there a

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Colm MacCárthaigh
On Mon, Sep 22, 2014 at 7:06 AM, Tony Finch wrote: > The fun bit is that an auth server implementing some kind of proxying > ANAME is in a position very like Google and OpenDNS. That is, if the > target of the ANAME is a hostname provided by Akamai or CloudFlare or > whoever, and if the auth serve

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Tony Finch
Andrew Sullivan wrote: > On Sun, Sep 21, 2014 at 03:52:13PM -0700, Paul Vixie wrote: > > > if it caches, does it implement "client subnet"? > > It sort of has to, not that it will necessarily be useful. An > important use case is CDNs, and since you probably want to do stupid > DNS tricks based o

Re: [DNSOP] DNSSEC and ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Paul Hoffman
On Sep 21, 2014, at 11:14 AM, bert hubert wrote: > On Sun, Sep 21, 2014 at 08:13:46AM -0700, Paul Hoffman wrote: >>> PS: the above is currently not yet supported for DNSSEC domains! >> >> Can you say (much) more about that aside? Does it mean that the server >> will fail to load the zone if ther

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Dick Franks
On 22 September 2014 12:27, Tony Finch wrote: > Dick Franks wrote: > > On 22 September 2014 11:03, Tony Finch wrote: > > > > > > (1) Master-only. The master observes an ANAME record at the apex of a > zone > > > it loads and uses it to periodically refresh the relevant records in > the > > > zo

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Andrew Sullivan
On Sun, Sep 21, 2014 at 03:52:13PM -0700, Paul Vixie wrote: > does the ANAME(/ALIAS) server proxy every request, so, no caching? Some people have tried to implement it that way. This is an excellent way to DoS your server, it turns out (rumour has it that someone learned that in production; but

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Tony Finch
Dick Franks wrote: > On 22 September 2014 11:03, Tony Finch wrote: > > > > (1) Master-only. The master observes an ANAME record at the apex of a zone > > it loads and uses it to periodically refresh the relevant records in the > > zone (as if you had a cron job running dig | magic | nsupdate). >

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Dick Franks
On 22 September 2014 11:03, Tony Finch wrote: > I can see roughly three ways this might be done, in order of increasing > complexity... > > (1) Master-only. The master observes an ANAME record at the apex of a zone > it loads and uses it to periodically refresh the relevant records in the > zone

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread John Levine
>(1) Master-only. The master observes an ANAME record at the apex of a zone >it loads and uses it to periodically refresh the relevant records in the >zone (as if you had a cron job running dig | magic | nsupdate). I have implemented something like this, with master file syntax foo IN A [rmtip:ba

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Tony Finch
Doug Barton wrote: > > https://tools.ietf.org/html/draft-barton-clone-dns-labels-fun-profit I am confused by the use of "label" in that document. Do you really mean a single component of a domain name wherever you say "label"? Tony. -- f.anthony.n.finch http://dotat.at/ Trafalgar: Cyclonic in n

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Tony Finch
I can see roughly three ways this might be done, in order of increasing complexity... (1) Master-only. The master observes an ANAME record at the apex of a zone it loads and uses it to periodically refresh the relevant records in the zone (as if you had a cron job running dig | magic | nsupdate).

Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

2014-09-22 Thread Tony Finch
bert hubert wrote: > > The current semantics for the ALIAS pseudo-record are that they only match > if no real record did. Why not restrict it to A and ? I foresee problems with zones that have MX and ALIAS at the apex which accidentally get the wrong SPF record, for example. Tony. -- f.ant