IETF Logo Mail Archive

Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?

Paul Wouters <paul@nohats.ca> Fri, 14 October 2016 14:05 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3589128E18 for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 07:05:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.996
X-Spam-Level:
X-Spam-Status: No, score=-4.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6fsMteXdtM3G for <dnsop@ietfa.amsl.com>; Fri, 14 Oct 2016 07:04:59 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C58D412972F for <dnsop@ietf.org>; Fri, 14 Oct 2016 07:04:57 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3swTr611vyz47L; Fri, 14 Oct 2016 16:04:54 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1476453894; bh=WPPW8Kf5MWfa3/yqsxGHpnn3V4GM3DQu/EtiLK5a+UQ=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=L6+1i+saY52rRE68b+gfimiivqQ04H1rakjHwBH8ICmn7xE5wFHxK7No1NdvmPdlr WXXhEAY1PuycMxwT9m3oAT5MRv3eu9AkV70b59xqSGEWF4ub1BAfz3jUpAQp1+xZ6n 7TMk2VjZ8WNBWak5njeFvw5sQhxkzeUOHV5u+M78=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Taj3zMJxSZBk; Fri, 14 Oct 2016 16:04:52 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 14 Oct 2016 16:04:52 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id C31A14533EB; Fri, 14 Oct 2016 10:04:21 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.10.3 bofh.nohats.ca C31A14533EB
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id B9C2640D3585; Fri, 14 Oct 2016 10:04:21 -0400 (EDT)
Date: Fri, 14 Oct 2016 10:04:21 -0400
From: Paul Wouters <paul@nohats.ca>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
In-Reply-To: <20161014133135.2n3wuh2n5sb3jqt7@nic.fr>
Message-ID: <alpine.LRH.2.20.1610141002540.16905@bofh.nohats.ca>
References: <20161014133135.2n3wuh2n5sb3jqt7@nic.fr>
User-Agent: Alpine 2.20 (LRH 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/7IB9Js6L7wH8OwMT04UiIYBeUBI>
Cc: dnsop@ietf.org, as112-ops@dns-oarc.net
Subject: Re: [DNSOP] Future of "Using DNAME in the DNS root zone for sinking of special-use TLDs" ?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 14:05:01 -0000

On Fri, 14 Oct 2016, Stephane Bortzmeyer wrote:

> draft-bortzmeyer-dname-root
> <https://datatracker.ietf.org/doc/draft-bortzmeyer-dname-root/?include_text=1>,
> which proposes to "sink" special-use TLD (may be you've heard of RFC
> 6761 "special use domain names"?) using AS 112, will expire soon. From
> the discussions, the two biggest issues were the "governance"
> difficulties (adding DNAME records in the root...) and the privacy
> issues (sending .local requests to random AS 112 operators).
>
> It seems there is not enough interest for this work, so I was thinking
> of just documenting the current state of the discussion, in case other
> people rediscover the problem. May be an individual RFC?

This is tricky. We want DNS resolvers to not send these onto the
internet. But by adding delegations in the root to AS112, aren't
we making it more likely that the queries leak further onto the net?

Paul

v2.31.3 | Report a Bug | By Email | System Status