mansaxel> IMNSHO _any_ work on "fixing CNAMES at apex" that gets mansaxel> traction is a spanner in the works for what we seem to agree mansaxel> is a better solution. A interim fix will be deployed and stall mansaxel> every attempt at DTRT.
While I agree with this approach in principle, the reality is we've had a couple of decades and never come up with anything enough better to get used. There are times when an 80% solution is better with 0%, even if it might slow down perfect. jabley> So for what it's worth, this is what I think we should be doing: jabley> 1. Make the existing, proprietary, non-interoperable dumpster jabley> fire better if we can (maybe we can't; the way to tell is jabley> whether the enterprise DNS people are interested); Yes. And get buyoff from the browser and large auth folks so it actually gets used. jabley> 2. Find a client-side solution to this, and try really hard not jabley> to invent something new that is really just SRV with a hat jabley> and a false moustache. Also yes. Folks saying that SRV won't work for them aren't stupid. They have their own agendas that don't consider DNS to be the most important thing to them; to them it's a handy tool. We should respect that attitude and come up with a legit new solution both sides can live with. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop