Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Mark Andrews <marka@isc.org> Thu, 14 September 2017 00:54 UTC

To: Ted Lemon <mellon@fugue.com>
Cc: dnsop WG <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <20170913171915.1194.qmail@ary.lan> <714677EA-E3C8-4145-825C-5BA8EABD018C@fugue.com>
In-reply-to: Your message of "Wed, 13 Sep 2017 19:45:32 -0400." <714677EA-E3C8-4145-825C-5BA8EABD018C@fugue.com>
Date: Thu, 14 Sep 2017 10:54:46 +1000
Message-Id: <20170914005446.DA4C1859D924@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AglYqwSmPyPLmKVaAkDYhzyYueE>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

In message <714677EA-E3C8-4145-825C-5BA8EABD018C@fugue.com>, Ted Lemon writes:
> 
> On Sep 13, 2017, at 1:19 PM, John Levine <johnl@taugh.com> wrote:
> > I concur with Mark that while localhost.<foo> is a problem,
> > <foo>.localhost is not.  I've occasionally used that hack to pass
> > traffic to various servers running on 127/8 addresses other than
> > 127.0.0.1.
> 
> So we should expose end-users to attack because it's "occasionally"
> convenient for you to do this hack?

The biggest problem is that HTTP says that hostnames in URLs may
be relative.  Close that grand canyon sized security hole.  There
is zero need for relative names in URLs in html documents, email
etc.  There is some need for them in address bars but that is UI.
What goes over the wire should be treated as absolute, always.

Treat "localhost" as always being absolute.  No searching if that
is the entered hostname.  Yes, this will break some things that
depend on searching to find localhost.*.  It is the one hangover
from the flat global namespace we still have.

Have public DNS return unsigned NODATA for localhost (qtype != SOA,
NS, DS) and signed NODATA for localhost DS.

getaddrinfo() et al. is still free to hardcode localhost -> (::1,
127.0.0.1) if the implementation wants to.  Make it a requirement
for *browsers* (includes curl, fetch, lynx etc.) to do this if you
want.

Recommend that recursive servers have a "localhost." zone with ::1
and 127.0.0.1 for "localhost." built in by default.

You don't need to sabotage the DNS.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
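An added example, not part of Mark's message or of the draft: a small resolver front-end that applies the rules he lists above ("localhost" and anything under ".localhost" is loopback, never searched and never sent to DNS; names from the wire are always absolute; only UI-typed single labels go through the search list). The `resolve`, `is_localhost` and `fake_dns` names, the constructed zone data and the search-list parameter are all assumptions for the illustration.

```python
# Added example: resolver-side handling of "localhost" as proposed in the
# thread.  Not code from the draft, BIND, or any real stub resolver.

LOOPBACK = ["::1", "127.0.0.1"]  # what getaddrinfo() may hardcode for localhost


def normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so 'LocalHost.' == 'localhost'."""
    return name.rstrip(".").lower()


def is_localhost(name: str) -> bool:
    """True for 'localhost' and any '<foo>.localhost'; False for
    'localhost.<foo>' (an ordinary name in someone else's zone)."""
    n = normalize(name)
    return n == "localhost" or n.endswith(".localhost")


def resolve(name, search_list=(), from_wire=True, dns=None):
    """Return (addresses, names_actually_sent_to_dns).

    dns is a callable taking an absolute name (trailing dot) and returning a
    list of addresses, or [] for NODATA.  A stand-in for a recursive server."""
    if is_localhost(name):
        # Absolute, hardcoded, no search list, no query leaves the host.
        return list(LOOPBACK), []
    base = normalize(name)
    candidates = [base + "."]  # anything from the wire is absolute
    if not from_wire and "." not in base:
        # UI convenience only: expand a typed single label via the search list.
        candidates = [base + "." + normalize(d) + "." for d in search_list] + candidates
    sent = []
    for fqdn in candidates:
        sent.append(fqdn)
        answer = dns(fqdn) if dns else []
        if answer:
            return answer, sent
    return [], sent


# Constructed stand-in for public DNS.  Note: no 'localhost.' record at all
# (NODATA), and a 'localhost.example.' that resolves somewhere off-box, which is
# the localhost.<foo> case the thread calls a problem.
FAKE_ZONE = {
    "www.example.": ["192.0.2.10"],
    "localhost.example.": ["198.51.100.7"],
}


def fake_dns(fqdn: str):
    return FAKE_ZONE.get(fqdn, [])
```

With this rule set, a typed "localhost" with a search list of `example` never reaches `localhost.example.`, while "localhost.example" written out in full is resolved like any other absolute name.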