Re: [DNSOP] Status of "let localhost be localhost"?

"John Levine" <> Sat, 12 August 2017 17:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0509D1321A3 for <>; Sat, 12 Aug 2017 10:10:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 86uPh-_4C6wR for <>; Sat, 12 Aug 2017 10:10:22 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f07:1126::4945:4343]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C3394132376 for <>; Sat, 12 Aug 2017 10:10:21 -0700 (PDT)
Received: (qmail 6693 invoked from network); 12 Aug 2017 17:10:20 -0000
Received: from unknown ( by with QMQP; 12 Aug 2017 17:10:20 -0000
Date: 12 Aug 2017 17:09:58 -0000
Message-ID: <20170812170958.14197.qmail@ary.lan>
From: "John Levine" <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 12 Aug 2017 17:10:24 -0000

In article <> you write:
>On Wed, Aug 9, 2017 at 12:31 PM, Stuart Cheshire <> wrote:
>> [*] If you think it’s stupid to suggest a host might not treat “”
>> as meaning loopback, why is that any more stupid than suggesting that a
>> host might not treat “localhost” as meaning loopback? Both are just as
>> arbitrary.

>The reason is that we understand the process by which names are resolved,
>and we understand the process by which addresses are configured.   You
>likely have only one IP stack on your host.   You may have dozens of stub
>resolvers.   So the stub resolvers are a target-rich environment for
>failure, and they fail unsafe, not safe: by default, they go to the DNS
>protocol to resolve names.

Right.  That's why it's long past time that we make it clear that
non-broken resolvers at any level will treat localhost as a special
case.  As you may have heard, we are not the Network Police, but we do
publish the occasional document telling people what to do if they want
to interoperate with the rest of the Internet.