Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Petr Špaček <petr.spacek@nic.cz> Fri, 26 January 2018 17:07 UTC

To: dnsop@ietf.org
References: <9DCE2F63-EE37-4865-B9D6-6B79BBE05593@gmail.com> <CAJE_bqcSirZyfr7PKhf=ttMxf=DeMVeJPNPn=R-HS2cH3Z-nPw@mail.gmail.com> <8e69dac2-359b-d528-45e5-05604f4dbf90@nic.cz> <CAJE_bqdeDRmN78dE5VUYDB6y-fXfUK9gSOkjJxszcP0WjjR9dw@mail.gmail.com> <3eb04472-82f0-9dd9-0922-4e6cd4f825e6@nic.cz> <201801261700.w0QH0XoV029935@bela.nlnetlabs.nl>
From: Petr Špaček <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <b2c3ce9b-d732-9814-4393-ad372a4b8f25@nic.cz>
Date: Fri, 26 Jan 2018 18:07:34 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1tUuROOPb8zjrE9dgEMdENy-Ffc>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02


On 26.1.2018 18:00, Jaap Akkerhuis wrote:
>  Petr Špaček writes:
> 
>  > <SNIP>
>  >
>  > An example: RFC 4033 clearly states what should be done if the result
>  > of validation is "Bogus". Nonetheless, Unbound has "val-permissive-mode:
>  > yes" which enables the admin to pass bogus answers.
>  >
> Note that the default setting is "val-permissive-mode: no".  It is
> just a knob for all those people who want to shoot themselves in
> the foot.

Thank you, that's exactly my point. The doc says what is the right thing
to do in the vast majority of cases (SERVFAIL for Bogus, NXDOMAIN for
localhost.) and those who know what they are doing will use knobs to do
whatever they want. As usual.

In other words, please do not delay documents indefinitely just because
they do not cover all conceivable use-cases. Weird stuff happens on
networks, and that's why we have all the knobs.

-- 
Petr Špaček  @  CZ.NIC
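The knob discussed above, "val-permissive-mode", is the kind of setting an operator wants to find before it surprises them in production. The following script is an added example (not part of this thread and not code from the Unbound project) that audits an unbound.conf-style file for it. It assumes the usual unbound.conf shape: a clause header such as "server:", one "key: value" option per line, "#" comments, and that a repeated scalar option is last-wins; the two sample configs are constructed for the demonstration.

```python
"""Audit an Unbound-style config for the val-permissive-mode knob.

Constructed example. Assumes unbound.conf syntax: 'clause:' headers
(e.g. 'server:'), 'key: value' option lines, '#' comments, and that a
scalar option given twice is last-wins. The default for
val-permissive-mode is 'no', so an absent option is not a finding.
"""
import re

# Matches 'key: value' as well as a bare clause header 'server:'.
OPTION_RE = re.compile(r'^\s*([A-Za-z0-9_-]+):\s*(.*?)\s*$')

PERMISSIVE_FINDING = (
    "val-permissive-mode: yes -> answers that validated as Bogus are "
    "passed to clients instead of SERVFAIL (RFC 4033 behaviour)"
)


def strip_comment(line):
    """Remove a '#' comment unless the '#' sits inside a quoted value."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == '#' and not in_quote:
            return line[:i]
    return line


def parse_unbound_conf(text):
    """Return a list of (clause, key, value) tuples in file order."""
    clause = None
    entries = []
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        match = OPTION_RE.match(line)
        if not match:
            continue  # not an option line; ignored by this simple parser
        key, value = match.group(1), match.group(2)
        if value == "":
            clause = key  # a bare 'server:' style header opens a clause
            continue
        entries.append((clause, key, value.strip('"')))
    return entries


def effective_option(entries, key, clause="server"):
    """Last-wins lookup of a scalar option inside one clause."""
    value = None
    for entry_clause, entry_key, entry_value in entries:
        if entry_clause == clause and entry_key == key:
            value = entry_value
    return value


def audit(text):
    """Return a list of human-readable findings for the given config text."""
    entries = parse_unbound_conf(text)
    findings = []
    mode = effective_option(entries, "val-permissive-mode")
    if mode is not None and mode.lower() == "yes":
        findings.append(PERMISSIVE_FINDING)
    return findings


# Constructed sample: the knob is commented out once, set to 'no', then
# overridden to 'yes' further down, so the effective value is 'yes'.
WEAK_CONF = """\
server:
    verbosity: 1
    # val-permissive-mode: yes   (commented out, must not count)
    val-permissive-mode: no
    val-permissive-mode: yes    # later occurrence wins
    local-zone: "localhost." static
"""

# Constructed sample: explicit 'no', matching the documented default.
SAFE_CONF = """\
server:
    verbosity: 1
    val-permissive-mode: no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("safe", SAFE_CONF)):
        print(name, audit(conf) or ["no findings"])
```

Run it against a real unbound.conf by reading the file into `audit()`; an empty list means the resolver keeps the RFC 4033 behaviour of answering SERVFAIL for Bogus results.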