No salvation from DNSEXT (was: Additional thoughts on TRANSITIONAL)

Erik van der Poel erikv at
Fri Dec 4 17:08:52 CET 2009

Ah, in that case, please ignore that part of my email and focus on the
rest of the proposal. Thanks.


On Fri, Dec 4, 2009 at 7:03 AM, Andrew Sullivan <ajs at> wrote:
> On Fri, Dec 04, 2009 at 04:11:47AM -0800, Erik van der Poel wrote:
>> However, I would encourage .de and .at registry folks to take a closer
>> look at the .gr registry's claims that DNAME is not good enough for
>> email, etc. If DNAME is not changed to include the root of the subtree
>> or if no new xNAME is defined for that purpose, we may decide to keep
>> Eszett DISALLOWED and add a mapping to ss.
> I am not totally sure I yet understand precisely what the problem is
> supposed to be for email -- it's not quite correct, I think, in the
> details.  But there is in fact a practical problem with DNAME
> (basically, if you want to resolve at the owner name of the DNAME and
> not below it, you need both a  DNAME and an A or something similar at
> that owner name, and that makes management awkward).
> All of _that_ said, if anyone thinks that our effort should depend on
> what happens over in DNSEXT with respect to some possible xNAME
> RRTYPE, please disabuse yourself of that notion right now.  I don't
> want to get into the details, because they're off topic for this list,
> but there are three problems:
>    1.  There are serious, possibly insurmountable, technical barriers
>    to something that completely aliases a whole tree.
>    2.  If you think it is hard to get consensus in this WG, you
>    should follow the namedroppers (or dnsop) list for a while.
>    3.  If you think browsers have a long tail for universal upgrade,
>    you should have a look at how long it takes to get resolvers and
>    servers replaced.  (For example, EDNS0 is over ten years old, and
>    penetration is still in pockets as low as 60% of the resolver
>    population.  Also, it turns out, one of the most popular resolvers
>    on the planet implemented it wrong.)
> The concerns about ambiguity are a short-term one, and they have to be
> solved in the short term.  That means that anything involving changing
> the way DNS works is not part of the solution.  DNS changes take many,
> many years to deploy widely, and over 10 years to deploy universally.
> (I only say "over 10" because the actual time isn't yet known --
> AFAIK, they _never_ get deployed universally.)
> A
> --
> Andrew Sullivan
> ajs at
> Shinkuro, Inc.
> _______________________________________________
> Idna-update mailing list
> Idna-update at

More information about the Idna-update mailing list