On 23/01/2020 22:07, Paul Vixie wrote:

> apex cname is a bad idea that can't be stopped. modern dns has a lot of these,
> for example ECS and what i once called "stupid DNS tricks"[1]. anything that
> anybody wants to do is a possible topic for wide deployment and eventual
> standardization, and system coherence be damned.
>
> HTTPSSVC is the right answer for this. we should push _hard_ on that rather
> than distracting our energies with trying to fix the DNSSEC problems related
> to apex cname. to DNSSEC, a name is either canonical or not. if it's not it
> will have a CNAME and only a CNAME -- and this is a good thing.

+lots!

I hoped my HTTP record draft might have been the solution, but even though that's now dead I like to think that it helped catalyze the browser folks towards HTTPSSVC.

CNAME was *never* the right answer for directing traffic for a domain to a specific host, but it happened to work and was the only tool in that toolbox at the time. Attempting to extend it to the apex just makes that worse.

Ray

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
