In an unrelated problem domain and in a different meeting of the
IETF, there was a question about "why can't the DNS have a CNAME and
DNAME together" to accomplish the goal. The answer to that relates
to this following passage from the slide set here
http://www.ietf.org/proceedings/10mar/slides/dnsop-7.pdf
(Slide 5)
Return 0 answers for AAAA if, and only if:
...
-"A" record exists for same name
...
The problem lies with saying "affect type X if there is type Y
present". Fundamentally DNS cannot deal with inter-type dependencies
because of the way caching works.
In RFC 1034, section 4.3.2 we have the basic means for determining an
answer, it has been extended in two or three documents (but not in a
way that matters here). In step 3 it has instructions on what to do
when matching types. On paper it appears we could say "if there's
type X and type Y, do this" and we could do so for authoritative
servers.
But as we know from the "QTYPE=ANY" discussions, you can never assume
that a cache will have both types X and Y at any one time. The cache
may not have the name at all - in which case the server (if
recursive) would have issued a recursive query. It may have type Z,
that is, something for the name that is neither X nor Y. It may have
X and not Y, or Y and not X. And it just may have X and Y - you
never can tell.
You might be tempted to instruct the cache "if you have X and not Y,
ask for Y" but that changes the protocol. You could instruct the
cache to fetch the X with Y but that is a change, but you would then
also have to instruct the cache to tie the TTLs of X and Y to make
sure it's "X and Y" or "no X and no Y" at all times.
DNSSEC has these instructions, btw. With DNSSEC it has been hard to
bring this on with "fresh" types (and we had to roll them, that is
SIG replaced by RRSIG at some point). It would be harder to do this
(create inter-type dependencies) with established types.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
New pithy statement under construction...
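
The cache states listed in the message above, as an added example that is not part of the original message: a toy cache holds each RRset under (name, type) with its own expiry, and the slide-5 rule is evaluated from cache contents alone. The name, TTLs, addresses and the cache-only decision (no upstream query) are constructed assumptions.

```python
# Constructed illustration: a resolver cache stores each RRset under
# (name, type) with its own expiry, so types age out independently.
from dataclasses import dataclass, field

@dataclass
class Cache:
    rrsets: dict = field(default_factory=dict)  # (name, rrtype) -> (expiry, rdata)

    def put(self, name, rrtype, ttl, rdata, now):
        self.rrsets[(name, rrtype)] = (now + ttl, rdata)

    def get(self, name, rrtype, now):
        entry = self.rrsets.get((name, rrtype))
        if entry is None or entry[0] <= now:
            return None  # never cached, or TTL ran out
        return entry[1]

def cache_state(cache, name, now, x="A", y="AAAA"):
    """Classify what the cache holds, using the five cases in the message."""
    live = {t for (n, t), (exp, _) in cache.rrsets.items() if n == name and exp > now}
    if not live:
        return "name absent"
    has_x, has_y = x in live, y in live
    if has_x and has_y:
        return "X and Y"
    if has_x:
        return "X, not Y"
    if has_y:
        return "Y, not X"
    return "only type Z"

def answer_aaaa(cache, name, now):
    """Slide-5 rule with cache-only knowledge: return 0 AAAA answers if an
    A record exists for the same name, otherwise return the AAAA data."""
    if cache.get(name, "A", now) is not None:
        return []
    return cache.get(name, "AAAA", now) or []

def timeline(times=(0, 100, 400)):
    cache = Cache()
    name = "www.example.test."  # constructed name, TTLs and addresses
    cache.put(name, "A", 60, ["192.0.2.1"], now=0)
    cache.put(name, "AAAA", 300, ["2001:db8::1"], now=0)
    return [(t, cache_state(cache, name, t), answer_aaaa(cache, name, t)) for t in times]

if __name__ == "__main__":
    for row in timeline():
        print(row)
```

The zone never changes, yet the AAAA answer is empty at t=0, populated at t=100 once the shorter-lived A record has expired, and empty again at t=400 for an unrelated reason.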