IETF Logo Mail Archive

Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Mark Andrews <marka@isc.org> Thu, 07 September 2017 04:17 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15DB6132D7E for <dnsop@ietfa.amsl.com>; Wed, 6 Sep 2017 21:17:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uWrqYfFjM0-T for <dnsop@ietfa.amsl.com>; Wed, 6 Sep 2017 21:17:14 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6DBAC1321A3 for <dnsop@ietf.org>; Wed, 6 Sep 2017 21:17:14 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.ams1.isc.org (Postfix) with ESMTPS id A2C0024AE1F; Thu, 7 Sep 2017 04:16:57 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 5F51C160043; Thu, 7 Sep 2017 04:17:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 4298C160071; Thu, 7 Sep 2017 04:17:04 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id KkMQP3cIkafF; Thu, 7 Sep 2017 04:17:04 +0000 (UTC)
Received: from rock.dv.isc.org (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id B2D03160043; Thu, 7 Sep 2017 04:17:03 +0000 (UTC)
Received: from rock.dv.isc.org (localhost [IPv6:::1]) by rock.dv.isc.org (Postfix) with ESMTP id ED0BB8482BFF; Thu, 7 Sep 2017 14:16:59 +1000 (AEST)
To: Warren Kumari <warren@kumari.net>
Cc: Ted Lemon <mellon@fugue.com>, Tim Wicinski <tjw.ietf@gmail.com>, dnsop <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <CADyWQ+EZQY9i5-4Ce-NZykwC+sS6iY868Wg0crW6KAZTGQxFQg@mail.gmail.com> <24CD1C88-58C5-4D6C-9F00-E3A2CD8C657C@fugue.com> <CADyWQ+Ex23QVef3AegWB4Jgd-sjG-G4z7XmXL9guN8PeWtsssw@mail.gmail.com> <93C3A47F-07C4-443F-AB87-B5C29F6B6774@fugue.com> <CAHw9_iKBDY9hNThOY3GDeG7BbCkc8Ncy1T=rjpcQ=h5qdB7=UQ@mail.gmail.com>
In-reply-to: Your message of "Wed, 06 Sep 2017 13:12:02 -0400." <CAHw9_iKBDY9hNThOY3GDeG7BbCkc8Ncy1T=rjpcQ=h5qdB7=UQ@mail.gmail.com>
Date: Thu, 07 Sep 2017 14:16:59 +1000
Message-Id: <20170907041659.ED0BB8482BFF@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/75ylxotpMYvBmipXlhI1vDEuBg4>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2017 04:17:17 -0000

In message <CAHw9_iKBDY9hNThOY3GDeG7BbCkc8Ncy1T=rjpcQ=h5qdB7=UQ@mail.gmail.com>
, Warren Kumari writes:

> On Wed, Sep 6, 2017 at 10:35 AM, Ted Lemon <mellon@fugue.com> wrote:
> > On Sep 6, 2017, at 10:33 AM, tjw ietf <tjw.ietf@gmail.com> wrote:
> >
> > Thanks.  The document still waffles, but it 'waffles less' than it did
> > initially.  But Mike is committed to working that and any other issue
> which
> > may arise.
> >
> >
> > The question I really have is not whether Mike is willinghe's stated
> that
> > he is.   It's whether the working group is willing, since returning
> NXDOMAIN
> > is an actual change in behavior from the original specification in RFC
> 6761,
> > and will likely result in some breakage, since it can safely be assumed
> that
> > some stacks are currently following the RFC6761 advice.
> >
>
> Actually, I suspect that the breakage will be fairly minimal -- Google
> Public DNS appears to have been returning NXDOMAIN since launch:
> dig +nocmd +nostats localhost @8.8.8.8
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55075
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;localhost. IN A
>
> ;; AUTHORITY SECTION:
> . 14208 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017090502
> 1800 900 604800 86400

Which shows absolutely nothing.  

Is 'localhost.' assigned for use by my local machine?  I believe
the answer to that is: Yes.  If if is assigned for use then with
DNSSEC there MUST be a delegation in the root or is this working
group going to overstep its mandate and tell me how I can use the
name localhost.  ICANN stuffed up by not adding the delegation when
the root zone was signed.  It was necessary then and it is still
necessary now.

If we want to create a alternative name and give it much more
restrictive properties than the current assignment of localhost has
then I'm fine with that.  It is actually the correct fix for the
problem statement.  Fiddling with the properties of localhost after
it has been in use for decades isn't the way to address this issue.

Mark

> and Verisign returns NOERROR (probably also since launch):
> dig +nocmd +nostats localhost @64.6.64.6
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44657
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;localhost. IN A
>
> ;; ANSWER SECTION:
> localhost. 10800 IN A 127.0.0.1
>
>
> This doesn't seem to have caused any breakage - or, at least, we
> haven't heard of any, and apparently basically no-one had noticed a
> difference :-)
>
> W
> >
> >
> >
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
> >
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>    ---maf
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email