[DNSOP] Remarks about draft-wkumari-dnsop-internal-00

Stephane Bortzmeyer <bortzmeyer@nic.fr> Thu, 07 September 2017 14:32 UTC

Date: Thu, 7 Sep 2017 16:32:39 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: dnsop@ietf.org
Message-ID: <20170907143239.x4out34m7weaah2u@nic.fr>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/3ITGN6-u75gGCPhvlkCZxcw4-L0>

draft-wkumari-dnsop-internal-00 proposes to reserve .internal for
RFC1918-like domain names. There is clearly a strong demand for that.
(There is also a strong demand for happy sex, great food, excellent
wines and diamond rings, but let's ignore it for the moment).

The document clearly documents that it will not happen, since it
requires an entire new process at ICANN.

The draft requires a delegation to AS112. Since one of the goals is to
limit leaks, I'm not sure it is a good idea. During the development
of draft-bortzmeyer-dname-root, several people noticed that, unlike
the root, the AS 112 is managed by an unbounded set of unknown
operators. Not great for privacy.

Regarding section 4 (DNSSEC), I wonder if it would be a better idea to
have a name like that in the root:

shouldnotarriveattheroot.internal. IN TXT "Check your resolvers"

This way, requests for anything.internal which leaked at the root
would receive an insecure denial of existence (since there is no DS
for .internal). Problem solved, no?

% dig @localhost -p 9053 NS printer.internal                  
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53323
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
...
;; AUTHORITY SECTION:
intel.			86400 IN NSEC shouldnotarriveattheroot.internal. NS DS RRSIG NSEC
intel.			86400 IN RRSIG NSEC 13 1 86400 (
				20171005142909 20170907142909 6172 .
				RMtu2iXqWAO7LOuB2L/IgbfSuf3h6d7eTQdnEshw+uZT
				WDz0HuSHUeC5YJTxPc2qwGN8xa6dmeGGLX6rTkpWaQ== )
.			86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. (
				2017090702 ; serial
				1800       ; refresh (30 minutes)
				900        ; retry (15 minutes)
				604800     ; expire (1 week)
				86400      ; minimum (1 day)
				)
...

[Note it would not solve the ICANN problem.]

Also, it may be a good idea to add an "Internationalization
considerations" section. If people want a memorable domain name (and
not, say, the TLD .693268ed5948276cb48c3f3339ac465d, which would work
as well), it's because it is typable and rememberable; they may want
it in other languages.
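As an added illustration, not part of Stephane's message, the Python below applies the RFC 4034 canonical ordering that a validating resolver uses to the NSEC record in the dig output above, and reports which queried names that single root-zone record would prove absent. The record text comes from the message; the function names are assumptions.

```python
"""Added example, not part of the message: apply RFC 4034 canonical
ordering to the root-zone NSEC record shown in the dig output and report
which queried names that record proves absent. Function names assumed."""

def canonical_labels(name):
    """Lowercased labels, most significant (TLD) first; the root is []."""
    name = name.rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []

def canonical_cmp(a, b):
    """RFC 4034 section 6.1 ordering: compare label by label from the
    right, byte-wise; a parent name sorts before all of its children."""
    la, lb = canonical_labels(a), canonical_labels(b)
    for x, y in zip(la, lb):
        if x != y:
            return -1 if x.encode() < y.encode() else 1
    return (len(la) > len(lb)) - (len(la) < len(lb))

def parse_nsec(rr_line):
    """Parse one NSEC RR in presentation format, e.g.
    'intel. 86400 IN NSEC shouldnotarriveattheroot.internal. NS DS RRSIG NSEC'
    into (owner, next_name, type_bitmap)."""
    fields = rr_line.split()
    if len(fields) < 5 or fields[2] != "IN" or fields[3] != "NSEC":
        raise ValueError("not an NSEC record: %r" % rr_line)
    return fields[0], fields[4], set(fields[5:])

def nsec_covers(owner, next_name, qname):
    """True if qname falls strictly inside the (owner, next_name) span,
    i.e. this NSEC proves no such name exists in the zone. If next_name
    sorts before owner, the record is the zone's last one and wraps."""
    if canonical_cmp(owner, next_name) < 0:
        return canonical_cmp(owner, qname) < 0 < canonical_cmp(next_name, qname)
    return canonical_cmp(owner, qname) < 0 or canonical_cmp(qname, next_name) < 0

# Constructed from the AUTHORITY section of the dig output in the message.
NSEC_LINE = "intel. 86400 IN NSEC shouldnotarriveattheroot.internal. NS DS RRSIG NSEC"

def denied_names(nsec_line, qnames):
    """Map each queried name to whether this single NSEC record denies it."""
    owner, nxt, _types = parse_nsec(nsec_line)
    return {q: nsec_covers(owner, nxt, q) for q in qnames}

if __name__ == "__main__":
    names = ["printer.internal.", "internal.", "intel.", "io."]
    for name, denied in denied_names(NSEC_LINE, names).items():
        print("%-20s %s" % (name, "covered by NSEC" if denied else "not covered"))
```

Both printer.internal. and its TLD internal. sort between intel. and shouldnotarriveattheroot.internal., so the one record proves both absent; io. sorts after the next name and is not covered.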