Re: [DNSOP] DNSSEC in local networks

Mark Andrews <marka@isc.org> Mon, 04 September 2017 12:22 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
To: "Walter H." <walter.h@mathemainzel.info>
Cc: Jim Reid <jim@rfc1035.com>, dnsop WG <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail> <3B75D240-13B9-4A94-B56D-24E83B4A4A8F@rfc1035.com> <3fe7bc511a990b0288b645dc176e1ef3.1504515284@squirrel.mail> <20170904090455.4249F8411CFC@rock.dv.isc.org> <c0c73dab49c6452c616c86656704ecd0.1504518603@squirrel.mail>
In-reply-to: Your message of "Mon, 04 Sep 2017 11:50:03 +0200." <c0c73dab49c6452c616c86656704ecd0.1504518603@squirrel.mail>
Date: Mon, 04 Sep 2017 22:22:22 +1000
Message-Id: <20170904122222.C270F8413534@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1fqcAtFoEo4nPT66FAYtz_rux7s>
Subject: Re: [DNSOP] DNSSEC in local networks
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2017 12:22:32 -0000

In message <c0c73dab49c6452c616c86656704ecd0.1504518603@squirrel.mail>, "Walter H." writes:
> > Except you miss the entire point of getting a registered name,
> > that is to be able to use it safely without anyone trampling on its
> > use.
> 
> was there anyone who said: "don't use it", 15 years ago?

Yes.  There were lots that discouraged the use of .local, .lan,
.corp etc.  Just because you didn't hear from them doesn't mean
they weren't out there.

> > 'home.arpa' is in the process of being registered so that it
> > can be used safely in the environment it is designed to be used in.
> 
> yes, but commonly for residential networks, not company/enterprise networks,
> they want/need something shorter like ".corp", ".lan", ".local", ...

Want maybe, need absolutely not.
 
> > Yes, 'home.arpa' will be registered.  It's a different type of
> > registration to the one that is normally done by talking to your
> > friendly DNS registrar but it is a registration.
> 
> exactly such a name but a TLD is needed for companies/enterprises in order
> to prevent new ones making the mistakes of old ones ..., and having the
> safety of not having a conflict in the future ...
> 
> > Names are not addresses.  They have different properties.
> 
> that is not the point,
> the point is, that in those days where these companies decided to use
> .local, .corp, ... such a paper prevented these decisions and now it could
> have been expanded with DNSSEC features ...

Everyone was told to register the domain you want to use, there was
no exception for active directory.

> just guess what would have happened when there was no RFC1918; by the way,
> I would not have any problem changing my internal IPv4 addresses from e.g.
> 10.x.x.x to let's say 52.x.x.x - it is only a thought;

IPv6 would have been deployed a lot sooner. :-)
 
> companies that use .local as their internal domain name and/or Active
> Directory have no problem as long as there is no system that insists on
> using mDNS for .local as specified in RFC6762

Except such systems exist.  Go look at what a Mac does.  ping
test.local and look at port 5353 traffic and compare it to port 53
traffic.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
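The comparison Mark suggests at the end (watch what leaves the host for a ".local" name on port 5353 versus port 53) can be turned into a small capture-triage script. The following is an added example and is not part of the thread or of any ISC tooling; the capture lines are constructed in tcpdump style, not real traffic, and the suffix classification (".local" reserved for mDNS per RFC 6762, "home.arpa" as the registered residential name, ".corp" and ".lan" as unregistered) is an assumption drawn from the names mentioned in this exchange.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in tcpdump style (not a real capture). They mimic
# the behaviour described in the thread: an RFC 6762 client sends ".local"
# queries as mDNS to the multicast group on port 5353, while an Active
# Directory member sends an "ad.local" SRV lookup to the unicast resolver.
SAMPLE_CAPTURE = """\
10:00:01.000 IP 192.0.2.10.5353 > 224.0.0.251.5353: 0 A? test.local.
10:00:01.050 IP 192.0.2.10.5353 > 224.0.0.251.5353: 0 AAAA? test.local.
10:00:02.000 IP 192.0.2.10.51234 > 192.0.2.1.53: 4112+ A? www.example.com.
10:00:03.000 IP 192.0.2.11.50001 > 192.0.2.1.53: 2231+ A? fileserver.corp.
10:00:04.000 IP 192.0.2.12.5353 > 224.0.0.251.5353: 0 A? printer.local.
10:00:05.000 IP 192.0.2.13.49152 > 192.0.2.1.53: 9001+ SRV? _ldap._tcp.dc._msdcs.ad.local.
10:00:06.000 IP 192.0.2.14.49153 > 192.0.2.1.53: 9002+ A? router.home.arpa.
"""

# Suffix classes (assumption based on the names discussed in the thread).
MDNS_SUFFIX = ".local"            # reserved for multicast DNS by RFC 6762
REGISTERED_PRIVATE = "home.arpa"  # registered name for residential networks
UNREGISTERED_SUFFIXES = (".corp", ".lan")  # no registration, no safe use

# One tcpdump-style query line: timestamp, src.port > dst.port, id, type? name.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"\S+ (?P<qtype>[A-Z]+)\? (?P<name>\S+)\.$"
)


def parse_queries(capture_text):
    """Return a list of dicts, one per query line; non-matching lines are skipped."""
    queries = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # responses, truncated lines or other noise
        q = m.groupdict()
        q["dport"] = int(q["dport"])
        q["name"] = q["name"].lower()
        queries.append(q)
    return queries


def classify_name(name):
    """Map a query name to the intended resolution path of its suffix."""
    if name == "local" or name.endswith(MDNS_SUFFIX):
        return "mdns-reserved"
    if name == REGISTERED_PRIVATE or name.endswith("." + REGISTERED_PRIVATE):
        return "home.arpa"
    if any(name.endswith(s) for s in UNREGISTERED_SUFFIXES):
        return "unregistered"
    return "other"


def split_by_port(queries):
    """Return {port: Counter(name)} for ports 53 and 5353, the two Mark compares."""
    by_port = defaultdict(Counter)
    for q in queries:
        if q["dport"] in (53, 5353):
            by_port[q["dport"]][q["name"]] += 1
    return by_port


def find_conflicts(queries):
    """Names whose observed resolution path contradicts the suffix's intended use."""
    conflicts = []
    for q in queries:
        kind = classify_name(q["name"])
        if kind == "mdns-reserved" and q["dport"] == 53:
            conflicts.append((q["name"],
                              "unicast DNS query for a .local name; RFC 6762 "
                              "clients send these to mDNS on 5353 instead"))
        elif kind == "unregistered" and q["dport"] == 53:
            conflicts.append((q["name"],
                              "unregistered suffix sent to unicast DNS; leaks to "
                              "the public root wherever the internal zone is absent"))
    return conflicts


if __name__ == "__main__":
    qs = parse_queries(SAMPLE_CAPTURE)
    for port, names in sorted(split_by_port(qs).items()):
        print(f"port {port}: {dict(names)}")
    for name, reason in find_conflicts(qs):
        print(f"CONFLICT {name}: {reason}")
```

Run against a real tcpdump of `port 53 or port 5353` the same parser applies unchanged; the interesting output is the conflict list, which shows exactly the split Mark describes: the same ".local" suffix being resolved by two incompatible mechanisms depending on which client asked.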