Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Viktor Dukhovni <> Wed, 24 January 2018 20:56 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 353E3129511 for <>; Wed, 24 Jan 2018 12:56:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PnlnxP7urw7E for <>; Wed, 24 Jan 2018 12:56:22 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5F9C8127876 for <>; Wed, 24 Jan 2018 12:56:22 -0800 (PST)
Received: by (Postfix, from userid 1034) id E8CF77A330A; Wed, 24 Jan 2018 20:56:20 +0000 (UTC)
Date: Wed, 24 Jan 2018 20:56:20 +0000
From: Viktor Dukhovni <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.7.2 (2016-11-26)
Archived-At: <>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Jan 2018 20:56:24 -0000

On Tue, Jan 23, 2018 at 08:03:25PM +0000, Jeff Hodges wrote:

> This is great! I can't wait for it to ship.

I am not nearly so enthusiastic about an important component of
the draft.  Specifically, I'd like to suggest that while the
requirement for recursive resolvers to return NXDOMAIN for "localhost."
is well-intentioned, it will prove counter-productive to the
motivating goals of this draft.

To whit, the stated motivation is in good measure that applications
should be able to rely on getting loopback addresses in response
to user requests to access resources located at "localhost".  And
I agree that requiring stub resolvers to short-circuit "localhost"
is a positive step in that direction.  However, I'd like to suggest
that requiring recursive resolvers to return NXDOMAIN will likely

When the C-library (or equivalent) stub resolver has not yet been
updated to short-circuit "localhost" (the only case in which the
requirement on recursive resolvers is relevant), but a spanking
new recursive resolver starts returning "NXDOMAIN" per the draft,
the user's reaction will not be an immediate rebuild of the system
library to short-circuit "localhost".  Rather, the far more likely
outcome is that users will switch to using IP addresses, which is
precisely what the draft is trying to avoid.

Therefore, I'd like to suggest that draft should require that
loopback addresses be returned as early as possible at every layer
of the stack, the application, the stub resolver, and the iterative
resolver (everybody except the root servers).

In summary, I believe that the draft's goals would be better served
by *requiring* recursive resolvers to short-circuit the request
and return the applicable requested (A or AAAA) loopback address.