Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Andrew Sullivan <> Fri, 02 February 2018 18:06 UTC


On Thu, Feb 01, 2018 at 08:46:01PM -0500, Joe Abley wrote:
> Can we take a brief pause to acknowledge that "the DNS" as a phrase is highly ambiguous and think about whether we mean the protocol,

I mean this and 

> any particular installation or the namespace (and if so, which one, since there are many, even if our context is a single Root Server System serving a single Root Zone, note capitals, which I think it should be).

this but

> any particular implementation, 

not this.

That is, I think that localhost is a DNS name in the context of the
Internet DNS root zone.  I think that because RFC 2606 and RFC 6761
say so, and because I was under the impression that the Internet root
zone operated by IANA still conforms to RFCs.  It's apparent now to
me, however, that the Internet root does not actually answer for
localhost.  I find this surprising and wrong.  It is also possibly
part of the reason for the complaint that people can't rely on the
name "localhost", since a query to the root for that name will get a
cacheable response saying authoritatively that the name does not
exist.  I don't know whether that _is_ part of the problem, of course.
I note that SAC045 observes that localhost was in the top 10 "invalid
TLDs" queried between 2006 and 2009.  (I realise now that when that
came out I didn't check to see whether the root was responding as RFC
6761 said it should.  This was plainly a mistake on my part.)

As Mark says elsewhere in this thread, localhost is not a protocol
switch.  It's a name in the context of the global, Internet DNS;
responding authoritatively with NXDOMAIN is therefore wrong.

Best regards,


Andrew Sullivan
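
The message above is about what the root returns for localhost. RFC 6761 section 6.3 also says name resolution APIs should recognise localhost names themselves, return the loopback address for address queries, and not send those queries to DNS. The following sketch of that client-side check is an added example, not part of the message or of any resolver's code; the function names and the `upstream` callback are hypothetical, and the upstream stub is constructed to answer NXDOMAIN the way the message says the root does.

```python
# Loopback answers for address queries on localhost names (RFC 6761, section 6.3).
LOOPBACK = {"A": "127.0.0.1", "AAAA": "::1"}


def is_localhost_name(qname):
    """True for "localhost" and for any name whose rightmost label is "localhost".

    Comparison is case-insensitive and ignores one trailing root dot, so
    "LocalHost." and "app.localhost" match while "localhost.example.com"
    and "notlocalhost" do not.
    """
    name = qname[:-1] if qname.endswith(".") else qname
    return name.lower().split(".")[-1] == "localhost"


def resolve(qname, qtype, upstream):
    """Answer localhost names locally; pass every other name to `upstream`.

    Returns (rcode, answers). Address queries for a localhost name get the
    loopback address; other query types get an empty NOERROR answer, which
    is the negative response RFC 6761 asks for. In both cases the query is
    never sent upstream, so no NXDOMAIN for the name can be received or cached.
    """
    if is_localhost_name(qname):
        addr = LOOPBACK.get(qtype.upper())
        return ("NOERROR", [addr] if addr else [])
    return upstream(qname, qtype)


def constructed_upstream(log):
    """Constructed stand-in for the path to the root (hypothetical helper).

    Records each query it sees in `log` and answers NXDOMAIN, modelling the
    authoritative "name does not exist" response described in the message.
    """
    def query(qname, qtype):
        log.append((qname, qtype))
        return ("NXDOMAIN", [])
    return query


if __name__ == "__main__":
    seen = []
    up = constructed_upstream(seen)
    for name, rtype in [("localhost.", "A"), ("app.localhost", "AAAA"),
                        ("localhost", "MX"), ("localhost.example.com", "A")]:
        print(name, rtype, resolve(name, rtype, up))
    print("queries that left the host:", seen)
```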