NNPS / TCP port 433

Julien ÉLIE julien at trigofacile.com
Sun Dec 12 09:51:20 UTC 2021 

Hi Grant,

>> _nnsp._tcp     SRV 10 1 119 news.server.com.
>> _nntp._tcp     SRV 10 1 119 news.server.com.
>> _nntps._tcp    SRV  0 1 563 news.server.com.
>> _nnsps._tcp    SRV  0 1 433 news.server.com.
> 
> My issue with this example is that you are using different service names 
> in each of the records.  Thus clients are going to need to enter 
> something different depending on what they want.
> 
>> to say that nntps has more priority (0) than nntp (10).
> 
> Except I don't think that it does /because/ of the different service 
> names nntps != nntp.

It can do:

[RFC 6186]
    The priority field in the SRV RR allows a domain to indicate that
    some records have a higher preference than others in the DNS query
    results (determined by those records having a lower-numbered priority
    value).  Typically, this is used for choosing a record from a set for
    a single service label; however, it is not restricted to choice
    within only one service.

    Often a site will offer both IMAP and POP3 message store access
    services for users.  However, the site may have a preference for one
    over the other that they want to convey to the user to ensure that,
    when the user has an MUA capable of using both IMAP and POP3, the
    preferred choice is used.

    To aid with this choice, sites SHOULD offer both sets of IMAP (_imap
    and/or _imaps) and POP3 (_pop3 and/or _pop3s) SRV records in their
    DNS and set the priority for those sets of records such that the
    "preferred" service has a lower-numbered priority value than the
    other.  When an MUA supports both IMAP and POP3, it SHOULD retrieve
    records for both services and then use the service with the lowest
    priority value.  If the priority is the same for both services, MUAs
    are free to choose whichever one is appropriate.  When considering
    multiple records for different protocols at the same priority but
    with different weights, the client MUST first select the protocol it
    intends to use, then perform the weight selection algorithm given in
    [RFC2782] on the records associated with the selected protocol.

    Example: service records for both IMAP and POP3, with IMAP having a
    lower-numbered priority value (0) than POP3 (10), indicating to the
    MUA that IMAP is preferred over POP3, when the MUA can support either
    service.

        _imap._tcp     SRV  0 1 143 imap.example.com.
        _pop3._tcp     SRV 10 1 110 pop3.example.com.



>> Port 433 uses implicit TLS, as mentioned for NNSPS.
>> If NNSP pointed to 433 (or even both 119 and 433), it would have meant 
>> that port 433 does not use implicit TLS.
> 
> Okay.

That's what we wanted to achieve.



> I've not /yet/ found any way that's not remotely hacky to shoe horn SRV 
> support into things that aren't coded for it.  E.g. I can't have 
> `telnet` or `netcat` use SRV records.

Use of SRV records is not wide-spread at all...
It seems like e-mail clients haven't implemented it but use other 
mechanisms of autodiscovery or like.  Nonetheless, it does not mean we 
could not try for NNTP/NNSP.


> Sure, I can come up with some sort of hack to do the sorting to find a 
> top contender.  I can even extend it to return the target and port in a 
> way that the client program can use it.  E.g.
> 
>     `telnet $(mySRVresolver _nntp._tcp.trigofacile.com)`
> 
> Where mySRVresolver returns `news.trigofacile.com 119` which `telnet` 
> can use as input.
> 
> Theoretically I can even have mySRVresolver attempt connections in the 
> proper order and return the first one that can successfully connect.
> 
> But what I can't do is have telnet re-try the next lower priority 
> candidate if the previous higher priority candidate failed to connect. I 
> will have to re-try / re-start the telnet command.  So ... how do I 
> communicate to mySRVresolver that the previous connection failed, so 
> don't return it?  Or so on and so forth?

Isn't it the same thing as when there are several DNS servers to try? 
When one does not respond, the secondary should be queried, and so forth.
I agree that using SRV is not natively supported in these utilities...

-- 
Julien ÉLIE

« – Il t'arrive une tuile ?
   – Oui, je ne peux pas payer mon ardoise. »

More information about the inn-workers mailing list