Re: [DNSOP] Adding more example configurations to draft-ietf-dnsop-7706bis

"John Levine" <johnl@taugh.com> Sat, 27 October 2018 19:44 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1420B130D7A for <dnsop@ietfa.amsl.com>; Sat, 27 Oct 2018 12:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=e6rZV5QC; dkim=pass (1536-bit key) header.d=taugh.com header.b=HXVJ5dQH
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RRo7g7RcjSdk for <dnsop@ietfa.amsl.com>; Sat, 27 Oct 2018 12:44:01 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D4E612EB11 for <dnsop@ietf.org>; Sat, 27 Oct 2018 12:44:01 -0700 (PDT)
Received: (qmail 7755 invoked from network); 27 Oct 2018 19:43:59 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1e49.5bd4bfff.k1810; bh=QVCdGhH5HKQ59hY4le2IvpsC/PeeTYPIUiSIRtsu6ig=; b=e6rZV5QCQDa/ZLX7LKWwOQmOeBgpoch8ScweB+wI0wouHBzHnFy6JB642LbQu17836p8fk2wBtyiVx22EkzcKfhiIV3U8Qqs2z5ySzv5QTtbQLS8R1G+9FauvQsPmbCHZiUxWgPOZFHBC9DG0YzSCno/sz96uqUVBqaJhFgyN8lhIRWGDqz0U8IM3SSp7vhUkelPshvagX2ngIE2N+dAOZ2l0plThCPFMsJyhvsfmRBldKswwORH28G53EV9uvxn
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1e49.5bd4bfff.k1810; bh=QVCdGhH5HKQ59hY4le2IvpsC/PeeTYPIUiSIRtsu6ig=; b=HXVJ5dQHCiaXo/rNp1OW1yWI3JiX1QH5tBTNLUmgmC0y9zCYuLDBQ/mIkR+ijr2Pt0ZM9bdqea2VT1a8caO4tL8PsrLP9yjJtX/O3VB8mUXUq6RpUYL4wx26lskGZ4qYWqTjeaYQDgP2ogPiC/crERpmliJfP6Tu/temWTUY7T6vr+3d6r4DDT+fZlGKqpoTDRS56y7/U9BuRblcJ/4QZl0jxvq4cZjk7OOD6TlEYlPLAH0mYupiArfgdcdYYgLZ
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTP via TCP6; 27 Oct 2018 19:43:59 -0000
Received: by ary.qy (Postfix, from userid 501) id 7CD7E20072C687; Sat, 27 Oct 2018 15:43:58 -0400 (EDT)
Date: 27 Oct 2018 15:43:58 -0400
Message-Id: <20181027194359.7CD7E20072C687@ary.qy>
From: "John Levine" <johnl@taugh.com>
To: dnsop@ietf.org
Cc: ray@bellis.me.uk
In-Reply-To: <a1b6b9c4-6d0c-d277-2b9b-575880bc1c14@bellis.me.uk>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/A3RqqYobLM2tyOKwzCiRFdwKsms>
Subject: Re: [DNSOP] Adding more example configurations to draft-ietf-dnsop-7706bis
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2018 19:44:03 -0000

In article <a1b6b9c4-6d0c-d277-2b9b-575880bc1c14@bellis.me.uk>; you write:
>The 7706-bis text changes that to say:
>
>   The examples here use a loopback address of 127.12.12.12, but typical
>   installations will use 127.0.0.1.  The different address is used in
>   order to emphasize that the root server does not need to be on the
>   device at the name "localhost" which is often locally served as
>   127.0.0.1.
>
>My reading of this is that "the device" referred to is still "the local
>device", not "a n other device".  I think the text is just trying to say
>"just because it's on loopback doesn't require that it be *called*
>localhost".

The usual reason not to put the local root on 127.0.0.1 is that's
where the cache is.  Depending on the quirks of your system, you might
put the local root on another loopback address in 127/8. on a
different port on 127.0.0.1 (works fine in unbound/nsd, haven't tried
it on bind), or even port 53 or another port on a real interface and
firewall out external queries.

R's,
John