Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Paul Vixie <> Wed, 24 January 2018 21:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0C9CB129966 for <>; Wed, 24 Jan 2018 13:38:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 43p4MC0xQ3Iw for <>; Wed, 24 Jan 2018 13:38:55 -0800 (PST)
Received: from ( [IPv6:2001:559:8000:cd::5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EA1312AF6E for <>; Wed, 24 Jan 2018 13:38:55 -0800 (PST)
Received: from [] ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) by (Postfix) with ESMTPSA id 907347594C for <>; Wed, 24 Jan 2018 21:38:54 +0000 (UTC)
Message-ID: <>
Date: Wed, 24 Jan 2018 13:38:53 -0800
From: Paul Vixie <>
User-Agent: Postbox 5.0.22 (Windows/20171208)
MIME-Version: 1.0
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Jan 2018 21:38:57 -0000

viktor, i don't disagree with your goals, but i have a proposal as to 

no resolver should be sending single-label names in DNS requests, period.

search list processing should not be applied to the "localhost" single 
label name, ever.

operating system lookups like gethostbyname() or similar, that are 
willing to look at the /etc/hosts or local equivalent, should be willing 
to discover any entry, even single-label names such as "localhost".

if there is no /etc/hosts or similar that can contain something like the 
"localhost" name, then the operating system library (gethostbyname or 
similar) ought to translate this to ::1 (or in hard code.

in other words there is no situation in which NXDOMAIN should be 
encountered for the "localhost" name, because no query should ever be 
sent. and that's mostly true today. localhost is getting returned due to 
search list processing, when it's returned by DNS at all.

because i don't think outlawing the name in an RDNS responder is the 
right place for this logic, nor that these responders are likely to be 
updated soon, nor that an operator of such a server will decide that 
implementing this change is in their best interests (wrt help desk calls.)