Here is how it usually works. Not everyone necessarily does it this way, but in our experience almost all of them do.
1. Sites use a CNAME, usually using a host-specific name. E.g., www.akamai.com is a CNAME to www.akamai.com.edgekey.net. The DNS entry for the origin may be controlled by Akamai (under direction of our customer, of course), or it may be controlled by them or by something like a CDN-brokerage company. For example, www.paypal.com CNAMEs to www.glob.paypal.com, where GLB presumably stands for Global Load Balancer.

2. Sometimes the CDN owns the DNS entry. In my experience this is more common for "anycast" types of services. For example, uureading.org returns A/QuadA records pointing into a CloudFlare address block.

Having the ESNI RRtype include optional A/QuadA records is something we have talked about internally. If so, it should be part of the RRtype definition, of course.

We came to the same idea. Of course, we will then have to fight the intent to make this "generic server record" data such as draft-nygren-service-bindings. :)

DNS is a strange and wondrous beast, like a bear riding a bicycle. We should make sure that DNS folks are heavily involved in this draft.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
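An added example, not part of the post above: a small offline model of the two CDN DNS patterns it describes (customer-controlled CNAME into the CDN's namespace, and CDN-owned A/AAAA records) and of why the placement of an ESNI record matters. The zone contents, hostnames and key strings are constructed placeholders; the `_esni.` TXT placement is the one used by the early ESNI drafts and is assumed here only for illustration.

```python
# Constructed zone for the example: owner name -> list of (rrtype, rdata).
ZONE = {
    # Pattern 1: customer-controlled CNAME pointing into the CDN's namespace.
    # The CDN can publish records under its own name, but not under the customer's.
    "www.example-origin.test": [("CNAME", "www.example-origin.test.cdn-edge.test")],
    "www.example-origin.test.cdn-edge.test": [("A", "192.0.2.10"), ("AAAA", "2001:db8::10")],
    "_esni.www.example-origin.test.cdn-edge.test": [("TXT", "ESNIKEYS-PLACEHOLDER-1")],
    # Pattern 2: CDN-owned entry returning A/AAAA straight into the CDN's address block.
    "blog.example-anycast.test": [("A", "198.51.100.7"), ("AAAA", "2001:db8:1::7")],
    "_esni.blog.example-anycast.test": [("TXT", "ESNIKEYS-PLACEHOLDER-2")],
    # A misconfigured CNAME loop, to show the hop limit and loop check matter.
    "loop-a.test": [("CNAME", "loop-b.test")],
    "loop-b.test": [("CNAME", "loop-a.test")],
}

MAX_HOPS = 8  # resolvers bound CNAME chasing; a loop must not spin forever


def lookup(name, rrtype, zone=ZONE):
    """Return the rdata of every record of the given type at exactly this owner name."""
    return [rdata for rtype, rdata in zone.get(name, []) if rtype == rrtype]


def chase_cname(name, zone=ZONE, max_hops=MAX_HOPS):
    """Follow CNAMEs from name. Returns (canonical_name, chain); raises on loops or long chains."""
    chain = [name]
    for _ in range(max_hops):
        targets = lookup(name, "CNAME", zone)
        if not targets:
            return name, chain
        name = targets[0]
        if name in chain:
            raise ValueError("CNAME loop: " + " -> ".join(chain + [name]))
        chain.append(name)
    raise ValueError(f"CNAME chain longer than {max_hops} hops")


def cname_chain_ok(name, zone=ZONE):
    """True if the chain from name terminates within the hop limit without a loop."""
    try:
        chase_cname(name, zone)
        return True
    except ValueError:
        return False


def esni_lookup(name, zone=ZONE):
    """Report where an ESNI TXT record is found: at the queried name, or only at the CNAME target.
    Note that a CNAME at www.X says nothing about _esni.www.X, so a key the CDN publishes under
    its own name is only reachable if the client explicitly chases the chain first."""
    direct = lookup("_esni." + name, "TXT", zone)
    if direct:
        return {"found_at": name, "keys": direct, "chain": [name]}
    canonical, chain = chase_cname(name, zone)
    via_cname = lookup("_esni." + canonical, "TXT", zone)
    return {"found_at": canonical if via_cname else None, "keys": via_cname, "chain": chain}
```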