IETF Logo Mail Archive

Re: [DNSOP] Call for Adoption: draft-arends-private-use-tld

Wes Hardaker <wjhns1@hardakers.net> Mon, 15 June 2020 15:27 UTC

Return-Path: <wjhns1@hardakers.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3A553A0DB1; Mon, 15 Jun 2020 08:27:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uHYt9a8U2Jjg; Mon, 15 Jun 2020 08:27:44 -0700 (PDT)
Received: from mail.hardakers.net (mail.hardakers.net [168.150.192.181]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9EF223A0F90; Mon, 15 Jun 2020 08:27:17 -0700 (PDT)
Received: from localhost (unknown [10.0.0.3]) by mail.hardakers.net (Postfix) with ESMTPA id 085D224303; Mon, 15 Jun 2020 08:27:17 -0700 (PDT)
From: Wes Hardaker <wjhns1@hardakers.net>
To: Tim Wicinski <tjw.ietf@gmail.com>
Cc: dnsop <dnsop@ietf.org>, dnsop-chairs <dnsop-chairs@ietf.org>
References: <CADyWQ+F=JA6fogcy_JGRJaZv=Hq52ozgmY5gmzfPm=1oHcJXKg@mail.gmail.com>
Date: Mon, 15 Jun 2020 08:27:16 -0700
In-Reply-To: <CADyWQ+F=JA6fogcy_JGRJaZv=Hq52ozgmY5gmzfPm=1oHcJXKg@mail.gmail.com> (Tim Wicinski's message of "Fri, 12 Jun 2020 11:12:23 -0400")
Message-ID: <yblwo48ic2z.fsf@w7.hardakers.net>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BeEdB9YNUJu06Xxz0uQiTSbmQ7A>
Subject: Re: [DNSOP] Call for Adoption: draft-arends-private-use-tld
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2020 15:27:46 -0000

Tim Wicinski <tjw.ietf@gmail.com> writes:

> This starts a Call for Adoption for draft-arends-private-use-tld

TLDR: As is, I'm afraid I can't support this draft for adoption.  First,
this seems an end-run around two other organizations.  And second, I
think there are potential concerns with how the RSS is expected to
handle this increased load.  Both of these, I think, are fixable but as
is it's a no-go from me.

The more complete version:

I agree with your assessment that it is "extremely unlikely" that ISO
3166 Maintenance Agency or ICANN would change their position on the
usability of these codes.  But, this document still makes use of the
codes without even asking either organization "what do you think if we
do this?". All because asking is difficult?  Why would the IETF take on
this land-grab without even consulting these other two agencies.

You claim that these reservations don't require "special handling", and
are thus not part of the special use namespace.  You state that they're
"special on a policy level, but not on a technical or protocol level",
to which I must disagree.  You're asking for new non/never-TLDs to be
not-created and this requires no technical or code-changes.  That
appears true on the face of the situation, until you consider what
happens when these queries leak to the real DNS, which they assuredly
will (we have piles of data proving this as you know).

What happens when an organization/company full of .zz configured
devices, many mobile, start assuming they can query for something under
.zz and they're not behind their organization's resolver that knows to
forward those requests to somewhere internally-special?  They end up at
the root.

I'm sure you're aware that we already have a code-base out there
generating vast numbers of requests that leak to the root [1].  And
that's only on a network change.  Imagine if all of these devices were
generating queries that leak to the root only based on the negative TTL
cache value and how many more queries those might generate.  Now, the
large negative cache in the root should make me feel better, but there
is also a lot of evidence that many resolvers don't seem to follow that
SOA field guidance. Thus, I have a hard time estimating the impact of
this but I have fears it may be larger than ideal (0).

In the end, I think this proposal *does* require technical changes.
Resolvers should black-hole these types of queries.  Better yet, place
this new domain in a place that has public NS records pointing to
non-routable addresses spaces (127.53.53.53 as an example) so that they
can't leak.  This really is, IMHO, a case of a special-use domain.

Meanwhile, your draft talks about the need for this to be a TLD but
doesn't actually argue for it.  You argue extensively why these 2 letter
codes will never cause problems and are used by many other organizations
in different ways too in attempt to achieve [2] status, but you don't
ever argue why this must be at a TLD rather than under something like
.arpa which the IETF has exclusive control over.  I get that a TLD is
easier, more friendly to-users, etc and I don't even disagree.  But I
think if you want this document with its extensive arguing to succeed,
this argument should be included too.


[1]: https://blog.apnic.net/2020/04/13/whats-in-a-name/
[2]: https://xkcd.com/1170/
-- 
Wes Hardaker
USC/ISI

v2.23.0 | Report a Bug | By Email