[DNSOP] DNSSEC in local networks

Jim Reid <jim@rfc1035.com> Mon, 04 September 2017 08:26 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0D05B1321AA for <dnsop@ietfa.amsl.com>; Mon, 4 Sep 2017 01:26:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id PrCXg2_I6-5y for <dnsop@ietfa.amsl.com>; Mon, 4 Sep 2017 01:26:19 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6051126D0C for <dnsop@ietf.org>; Mon, 4 Sep 2017 01:26:18 -0700 (PDT)
Received: from [] (unknown []) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id A3DC12421529; Mon, 4 Sep 2017 08:26:15 +0000 (UTC)
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: text/plain; charset="us-ascii"
From: Jim Reid <jim@rfc1035.com>
X-Priority: 3 (Normal)
In-Reply-To: <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
Date: Mon, 04 Sep 2017 09:26:14 +0100
Cc: dnsop WG <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B75D240-13B9-4A94-B56D-24E83B4A4A8F@rfc1035.com>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
To: "Walter H." <Walter.H@mathemainzel.info>
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/B4K_y9vLQK0_ER5BIks7wZTfFv0>
Subject: [DNSOP] DNSSEC in local networks
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2017 08:26:20 -0000

> On 4 Sep 2017, at 07:12, Walter H. <Walter.H@mathemainzel.info> wrote:
> by the way: why are you discussing about DNSSEC for names that are used
> only locally?

Why do you seem to assume there are never, ever any DNS security issues on the local net?
Why would someone want to deliberately configure things to prevent DNSSEC-aware applications and resolvers from working on the local net?