[DNSOP] Re: Call for Adoption: draft-davies-internal-tld

John R Levine <johnl@taugh.com> Sat, 19 April 2025 20:35 UTC

Date: Sat, 19 Apr 2025 16:35:52 -0400
Message-ID: <f5857d8d-494c-a2c0-f852-621816d051d5@taugh.com>
From: John R Levine <johnl@taugh.com>
To: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>, dnsop@ietf.org
In-Reply-To: <m1u6EoJ-0000MkC@stereo.hq.phicoh.net>
References: <m1u5h1G-0000LcC@stereo.hq.phicoh.net> <83666fd3-a51f-46e1-a5ac-0b9a46361480@desec.io> <20250418201613.D9204C53F937@ary.qy> <m1u5sY5-0000MSC@stereo.hq.phicoh.net> <38fda3ef-2135-8e37-8e54-f04d5987fbfa@taugh.com> <m1u62ny-0000MNC@stereo.hq.phicoh.net> <ccee3050-b5bc-5733-1652-27cde33fef1c@taugh.com> <m1u6EoJ-0000MkC@stereo.hq.phicoh.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/G8e2RQg2e79VWWe-RYOLZKfidLc>

On Sat, 19 Apr 2025, Philip Homburg wrote:
>> about some way to keep the local DNS hacks in sync throughout a
>> network for the people who don't use their cache as the source of
>> DNS truth.
>
> There is a simple way to solve this. Just add a negative trust anchor for
> internal to DNSSEC validating software. But last time I suggested that,
> it was quite unpopular.
>
> It is simply unrealistic to expect that every mobile device that
> contains a DNSSEC validator gets up-to-date information about the
> state of internal on every network it connects to. This should be left
> to recursive resolvers at the core of the network.

Well, yes, or if the stubs are going to validate, they need some way to 
ask the upstream cache about local stuff.

> That's why either the DNSSEC issue should be fixed or we should recommend
> against using internal.

I think it should be fixed, but I also think it's silly to say this is a 
new problem or that .internal breaks in ways different from a zillion 
locally added domains.

R's,
John
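The "negative trust anchor" Philip mentions is, in practice, a per-zone "treat as insecure" directive on the validating recursive resolver. The fragments below are an added illustration and are not from this message or from the draft; they show the option in Unbound and in BIND 9 (9.13 and later), together with a stub-zone forward to an assumed internal authoritative server at 192.0.2.53 (a documentation address, not a real deployment). Because .internal is not delegated in the root zone, a validator without this exception sees the root's signed proof of non-existence and marks every .internal answer bogus; the exception tells the resolver not to expect signatures below that name. It does nothing for a stub on a mobile device that validates on its own, which is the limitation the thread is about.

```conf
# --- Unbound (unbound.conf), added example, not from the original message ---
server:
    # Stop DNSSEC validation at "internal." so answers served from the
    # local stub-zone are accepted as insecure instead of bogus.
    domain-insecure: "internal."

stub-zone:
    # Hypothetical internal authoritative server; 192.0.2.53 is a
    # documentation address and must be replaced with the real one.
    name: "internal."
    stub-addr: 192.0.2.53

# --- BIND 9 (named.conf), added example, not from the original message ---
options {
    dnssec-validation auto;
    # Do not attempt validation for names under "internal.".
    validate-except { "internal."; };
};

zone "internal." {
    type static-stub;
    # Same hypothetical internal authoritative server as above.
    server-addresses { 192.0.2.53; };
};
```

A quick check after reloading the resolver is to query a name under .internal with DNSSEC requested (`dig +dnssec host.internal @127.0.0.1`): with the exception in place the answer comes back NOERROR without the AD flag, which is the expected "insecure" result; without it the resolver returns SERVFAIL.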