On Fri, 7 Apr 2017, Evan Hunt wrote:

The hope here is that, in the long run, ANAME resolution would be the job
of the resolver, which is in a position to get the best answer for its
clients, given geolocation and topology considerations.

Expansion of ANAME on the authoritative end is a workaround for the
fact that we can't go back in time and put ANAME support into all
the resolvers.

But really, what it comes down to for me is that if you are adding logic
to the AUTH nameservers to synthesize ANAME into A/AAAA records, why bother
ever sending ANAME over the wire? Just let clients send A/AAAA and never
ask for ANAME.

Resolvers don't ask for ANAME. They ask for A/AAAA, and get an A/AAAA
answer, along with an ANAME record so they can go directly to the source
and get a better answer if they support that.

If these are the premises for ANAME, and its special handling, wouldn't
it be better to generalise asking for multiple records (e.g. A + AAAA
+ ANAME) where ANAME has no special handling on its own? And then do the
generalised multi-query-at-once using one of the previously suggested
proposals?

I thought there were some recent suggested drafts, which I cannot seem
to find now, but an old one on this is draft-yao-dnsop-accompanying-questions.

Then people who want to ask (A + AAAA + TLSA) or (A+AAAA+SSHFP) or
(A+AAAA+IPSECKEY) could use the same mechanism. And ANAME would just be
a regular DNS record without any abnormal processing.

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop