Re: #385: HTTP2 Upgrade / Negotiation

On 10/24/12 9:48 AM, Mark Nottingham wrote:
> Can you expand upon that a bit? You mean where the successive DNS
> lookups come from different servers, or...?

The issue is additional information that Patrik is suggesting that we
use (to be fair I may have made the same suggestion without thinking it
through earlier).  So, take for instance the case where you want to look
up what the server on is using.  You might have the
following SRV response:

    IN    SRV 0 10 880

and additional information of

    IN    A

The problem is that may not be in the same zone
as, and the querying resolver can't tell, simply
based on one query.  The nameserver for doesn't
really have the right to make claims about anything outside its zone. 
There are common enterprise deployments in which this is in fact the
case.  Someone even asked me if it was possible NOT to have a zone cut
at _tcp....!!!

Now let's take a more nefarious example:

    IN    SRV 0 880

and additional information of

    IN    A ;; where this address leads you to the wrong site.

A solution to this issue is to use the same name.  That guarantees the
same authority.


Received on Wednesday, 24 October 2012 08:42:02 UTC
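
An added example, not part of the original message: a label-wise bailiwick check that keeps an additional-section A record only when its owner lies inside the zone that answered, and marks every other SRV target for a separate lookup. It assumes the resolver knows that zone from the referral it followed (a client with no such knowledge would re-query every target); all names, addresses and function names are constructed for illustration.

```python
# Added example: bailiwick filtering of additional-section records.
# Names and addresses are constructed (RFC 2606 / RFC 5737 values).

def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(owner, zone):
    """True if owner is at or below zone, compared label by label
    (a plain string suffix test would accept evilexample.com)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_additional(zone, answers, additional):
    """Return (accepted, requery).

    zone       -- zone the answering server is authoritative for (assumed
                  known to the resolver from the referral it followed)
    answers    -- (owner, "SRV", priority, weight, port, target) tuples
    additional -- (owner, "A", address) tuples
    accepted   -- {target: [addresses]} usable from this response
    requery    -- SRV targets that need their own lookup
    """
    targets = {".".join(labels(a[5])) for a in answers if a[1] == "SRV"}
    accepted, requery = {}, set(targets)
    for owner, rtype, addr in additional:
        name = ".".join(labels(owner))
        if rtype != "A" or name not in targets:
            continue  # record nobody asked for: ignore it
        if in_bailiwick(name, zone):
            accepted.setdefault(name, []).append(addr)
            requery.discard(name)
        # out-of-zone address: dropped, target stays in requery
    return accepted, sorted(requery)

# Constructed response: a zone cut exists at _tcp.example.com, so the
# server answering for it has no authority over www.example.com.
ZONE = "_tcp.example.com"
ANSWERS = [
    ("_http._tcp.example.com.", "SRV", 0, 10, 880, "www.example.com."),
    ("_http._tcp.example.com.", "SRV", 0, 10, 880, "srv1._tcp.example.com."),
]
ADDITIONAL = [
    ("www.example.com.", "A", "192.0.2.10"),          # outside the zone
    ("srv1._tcp.example.com.", "A", "198.51.100.7"),  # inside the zone
    ("other.example.net.", "A", "203.0.113.5"),       # not an SRV target
]

if __name__ == "__main__":
    print(filter_additional(ZONE, ANSWERS, ADDITIONAL))
```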