Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Mark Andrews <marka@isc.org> Fri, 08 September 2017 00:06 UTC

To: Ted Lemon <mellon@fugue.com>
Cc: Warren Kumari <warren@kumari.net>, dnsop WG <dnsop@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>
From: Mark Andrews <marka@isc.org>
References: <CADyWQ+EZQY9i5-4Ce-NZykwC+sS6iY868Wg0crW6KAZTGQxFQg@mail.gmail.com> <24CD1C88-58C5-4D6C-9F00-E3A2CD8C657C@fugue.com> <CADyWQ+Ex23QVef3AegWB4Jgd-sjG-G4z7XmXL9guN8PeWtsssw@mail.gmail.com> <93C3A47F-07C4-443F-AB87-B5C29F6B6774@fugue.com> <CAHw9_iKBDY9hNThOY3GDeG7BbCkc8Ncy1T=rjpcQ=h5qdB7=UQ@mail.gmail.com> <20170907041659.ED0BB8482BFF@rock.dv.isc.org> <CAPt1N1kXeF0zj_VHuv00taZ+39hR6Nw19uZ5rdxJr3aUeS5RvQ@mail.gmail.com> <20170907045934.C194B848328B@rock.dv.isc.org> <BFAECDAF-8F4B-4C8D-AB7E-1615BD54EF93@fugue.com>
In-reply-to: Your message of "Thu, 07 Sep 2017 09:23:29 -0400." <BFAECDAF-8F4B-4C8D-AB7E-1615BD54EF93@fugue.com>
Date: Fri, 08 Sep 2017 10:05:59 +1000
Message-Id: <20170908000559.DDBD7849CFAC@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/C5xc59KyhLKNeH1xhr9b1Z84FUE>
Subject: Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

In message <BFAECDAF-8F4B-4C8D-AB7E-1615BD54EF93@fugue.com>, Ted Lemon writes:
> 
> On Sep 7, 2017, at 12:59 AM, Mark Andrews <marka@isc.org> wrote:
> > I shouldn't BE FORCED to hard code special LOCALHOST rules into DNS
> > tools.  Lookups should "just work" like they did before the root
> > zone was signed.
> 
> Because...?

Because there are things you can do with localhost as a DNS zone
that you can't do with /etc/hosts, NIS, etc. as they are limited
to addresses only.

Localhost should work just like home.arpa.  The tools we use shouldn't
need special knowledge.  Special knowledge means EVERYTHING needs
to be tested to see if it works with localhost as well as regular
names.  That testing will get missed.  If it doesn't get missed it
costs more money.  Workarounds for different behavior increase the
probability of bugs being introduced as there will be separate code
paths.

If I want to add a local trust anchor for localhost I will then
need additional code to disable the workaround for the fact the
root doesn't have an insecure delegation.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org