[DNSOP] Re: Call for Adoption: draft-davies-internal-tld

Andrew McConachie <andrew@depht.com> Fri, 18 April 2025 10:17 UTC

From: Andrew McConachie <andrew@depht.com>
To: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
Date: Fri, 18 Apr 2025 12:17:17 +0200
Message-ID: <B1447F30-154A-46FB-A7A8-04E26A020E03@depht.com>
In-Reply-To: <m1u5h1G-0000LcC@stereo.hq.phicoh.net>
References: <m1u5h1G-0000LcC@stereo.hq.phicoh.net>
CC: dnsop@ietf.org
Subject: [DNSOP] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BRaI2OpYR2cl2yIVJ_JVZhiGNYE>


On 18 Apr 2025, at 10:24, Philip Homburg wrote:

>> Please review the draft and share your thoughts on the mailing
>> list, clearly stating whether you support its adoption by DNSOP.
>> Also let us know if you are willing to contribute text, provide
>> reviews, or help in other ways.
>
> The current draft contains the following text:
> DNSSEC validating resolvers will fail to resolve names ending in
> "internal".
>
> In my opinion we should not have a specification that leads to DNSSEC
> validation errors.
>
> One option is to simply not have a draft at all. The IETF is not in
> charge of the DNS namespace. The IETF deals with technical aspects of DNS.
>
> A second option is to have a draft that recommends against using this
> domain because doing so leads to DNSSEC validation errors. So the points
> in Section 5.1 (in particular point 1) should be changed so that the use
> is not recommended.
>
> A third option is to find a way to avoid DNSSEC validation errors.
> That is not a technical problem, there are multiple ways. But it seems
> that none of those is acceptable.
>

The draft does not recommend using or not using .internal. It says:

    If an organization determines that it requires a private-use DNS
    namespace, it should either use sub-domains of a global DNS name that
    is under its organizational and operational control, or use the
    "internal" top-level domain.  This document does not offer guidance
    on when a network operators should choose the "internal" top-level
    domain instead of a sub-domain of a global DNS name.  This decision
    will depend on multiple factors such as network design or
    organizational needs, and is outside the scope of this publication.

SAC113 said:
“Using sub-domains of registered public domain names is still the best
practice to name internal resources.”

I’m not against changing the draft to align more with the advice in 
SAC113, but my inclination is to keep the draft agnostic on this point. 
When the authors originally discussed it we decided against offering 
advice in either direction.

—Andrew