Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt

Joe Abley <> Fri, 28 February 2014 15:06 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 132841A0830 for <>; Fri, 28 Feb 2014 07:06:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cCgaKmB75WHy for <>; Fri, 28 Feb 2014 07:06:24 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4001:c03::22c]) by (Postfix) with ESMTP id D9CF61A0837 for <>; Fri, 28 Feb 2014 07:06:23 -0800 (PST)
Received: by with SMTP id as1so3009688iec.17 for <>; Fri, 28 Feb 2014 07:06:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=/5sOHQF1JFuSBOQsVSRzvnZp0AQ+4CdDpRq9LWERc78=; b=G/T9Sf0iq7WTERj5CPF6N4cvyIVs4LjR0MQSYiFg+PCFx1kfzn4fYEBpeiifTLKQ3J m29rd1um0i77QeN7risS6kuKHEklfYhROuUAXBH7gw8je3ogLoWpkp6LKo/gNEX2vqUK 5dWMi7F9Z6qeXNJNuDTYQXVQMelVYjf2phiz8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=/5sOHQF1JFuSBOQsVSRzvnZp0AQ+4CdDpRq9LWERc78=; b=Kq3TgAN5KfPULgLa2GnRHhYWORWxTowoGJvG902PCxksG9SjGnQkZ4q4xTn+wlFUlt H4uclpG73MJTsfOcInU+1WuQpluIg4E4Uk1Y3vlcErowtm2/9z0l8y0UOO5CjfworYOg 6D4JUv8qG3DGXnB8JmR72ZH6Ozu0lMeYCyETs4lgbBYauG0mEzBKOhbTEngwVb/p6Hw4 kFuIG69c1A16JbVNV5RCdkbVSXeiOPZ29a18E8ULL2ThVpfKWw1MNiEDghRcM+WzWoYH DkonreubKLhGtL7Uc334LYORLaFGCFCbpAeeo9gBGyxc2fsqhjH8B1M3iMduGkyRkBFK wsGA==
X-Gm-Message-State: ALoCoQnQXgOELXzAHxsiLld8QORR52aAd/MnVJHnVv2RFTOPr3YOnH3DvJwNWDTqlIlvSwWbHMN6
X-Received: by with SMTP id cj2mr4559131igc.7.1393599981899; Fri, 28 Feb 2014 07:06:21 -0800 (PST)
Received: from ( []) by with ESMTPSA id om7sm7796441igb.10.2014. for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 28 Feb 2014 07:06:21 -0800 (PST)
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Joe Abley <>
In-Reply-To: <>
Date: Fri, 28 Feb 2014 10:06:20 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <20140228041955.24570.qmail@joyce.lan> <>
To: Tony Finch <>
X-Mailer: Apple Mail (2.1874)
Cc:, John Levine <>
Subject: Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 28 Feb 2014 15:06:26 -0000

On 28 Feb 2014, at 6:31, Tony Finch <> wrote:

> John Levine <> wrote:
>> Since the device and the browser will not be online when you do the
>> initial configuration, it seems to me that if you use a validating
>> resolver you lose no matter what the name is.
> Hmm yes a very good point :-/
> I think this is an argument in favour of registering a special use name
> for this purpose which can be configured with a negative trust anchor.
> Unless someone has a bright idea for some alternative fix…

Bonjour. It works for every other device in the home that needs a direct connection to manage. Nobody assumes that “http://printer.home” is going to do anything useful; why is the gateway device different?

(I’ve never owned a consumer-grade home gateway; whenever I’ve helped out a neighbour with theirs I’ve always just connected to whatever address the gateway’s DHCP server gave me as a default route. I had no idea there was any expectation that “router.home” would do anything sensible. It does go some way to explain what I saw at L-Root when I last had the opportunity to look, though :-)