Hello Margaret,

I think section 4.7 confuses me. I think I understand its motivation. But every solid validating resolver implementation wants to follow the CNAME on its own. If the CNAME does not lead to the same zone, it drops whatever the forwarder sent and asks again. I admit that is common for iterative recursive servers, which often do not have any forwarders at all. I think only caching stub resolvers, like dnsmasq or systemd-resolved, would also trust the follow-up.

But I think the most confusing are the priorities described in section 4.1. It has quite complex logic. But at the same time the whole mechanism is recommended to be enabled only for trusted networks, where bogus redirecting of domains is unlikely. Were there defined use cases, when supplying the same domain on multiple networks required a different preference from IP routing records? Which could be solved by setting a lower priority on the wifi connection, if wired is also available, for example.

Could that complexity, also mixing DNSSEC validation into the equation, be a reason which resulted in no implementations being widely used?

Regards,
Petr

On 03. 11. 22 18:33, Margaret Cullen wrote:
Hi Petr,

There is no successor to this document, and the WG has been closed for some time. What parts of the specification do you find confusing? There may be folks on this list who can answer any questions you have.

Margaret
(Former mif co-chair)

On Nov 3, 2022, at 8:18 AM, Petr Menšík <pemen...@redhat.com> wrote:

Hello former MIF group members,

I have found RFC 6731 [1], which is Standard Tracks since December 2012. I have found reference to it from some draft of add WG. When I read it, I found it proposes solution to existing problem on Linux desktops, which is not yet sufficiently solved. A bit similar attempt is implemented by systemd-resolved [2], but does not use any standardized way.

I think every device with multiple interfaces is potential candidate for it. Every laptop with ethernet+wifi, every smart phone with wifi+cellular network. Yet I haven't found any attempts to implement RFC 6731. Do you know existing implementations for any operating system? Is it used somewhere already? Is there a reason why it is not widely used?

I work in Red Hat as a Software Engineer, maintaining some DNS packages. Dnsmasq has some integration with Network Manager, which does something similar. Yet they are misusing dns-search parameter of DHCP protocol. I would like to add more proper support, but I find current standards confusing. Is there more relevant successor to this standard?

Best Regards,
Petr

1. https://www.rfc-editor.org/rfc/rfc6731.html
2. https://systemd.io/RESOLVED-VPNS/

--
Petr Menšík
Software Engineer, RHEL
Red Hat, http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

_______________________________________________
mif mailing list
mif@ietf.org
https://www.ietf.org/mailman/listinfo/mif
-- Petr Menšík Software Engineer, RHEL Red Hat, http://www.redhat.com/ PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB