Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt

Mark Andrews <marka@isc.org> Tue, 25 February 2014 03:37 UTC

To: Stuart Cheshire <cheshire@apple.com>
From: Mark Andrews <marka@isc.org>
References: <20140129055438.2402.qmail@joyce.lan> <97E20887-2B9C-4EAD-826B-043306605F88@fl1ger.de> <54BE75D7-E70B-46AB-93C1-042E655BB5E7@apple.com>
In-reply-to: Your message of "Mon, 24 Feb 2014 17:51:43 -0800." <54BE75D7-E70B-46AB-93C1-042E655BB5E7@apple.com>
Date: Tue, 25 Feb 2014 14:37:08 +1100
Message-Id: <20140225033708.4BDCB10413A9@rock.dv.isc.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/Jg2oTfJSaqa6Rdq9OURiPHKLwcA
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, John Levine <johnl@taugh.com>, Ralf Weber <dns@fl1ger.de>
Subject: Re: [DNSOP] additional special names Fwd: I-D Action: draft-chapin-additional-reserved-tlds-00.txt

In message <54BE75D7-E70B-46AB-93C1-042E655BB5E7@apple.com>, Stuart Cheshire writes:
> On 29 Jan, 2014, at 07:47, Ralf Weber <dns@fl1ger.de> wrote:
>
> > Where shall this stop? How about .LOKALESNETZWERK (German for .LAN).
> > How many domains do we want to treat special? I know this draft only asks
> > for 8, but some of them are on ICANN's application list.
>
> Currently, with no established procedure for local-use names, the result
> is chaos. Since no DNS equivalent to RFC 1918 exists, people use whatever
> name they feel like. My hope is that if people are offered a short list
> of legitimate pseudo-TLDs for local-use names, the temptation to use some
> other TLD not on that list will be less. Today all NAT gateways I know of
> default to one of the RFC 1918 address ranges. If RFC 1918 did not exist,
> would NAT gateways not exist, or would they just hijack who-knows-what
> addresses? I suspect the latter.

There is a slight difference.  There is no restriction on getting
names other than unwillingness or lack of education about how to
get a name.  There is a real restriction on getting enough IPv4
addresses to avoid having to use NAT.

With IPv6 you don't even need split DNS.

They can always use <name>.10.in-addr.arpa. 10.in-addr.arpa is a
perfectly legal suffix for a hostname and 10.in-addr.arpa has an
insecure delegation so there are no DNSSEC issues.  Additionally
the AS112 server will soak any leaked names.  It's not as
pretty as .home or .lan or .corp or .... but it will work.

Alternatively get home.arpa insecurely delegated to an AS112 style
server.  <hostname>.home.arpa. isn't too bad and matches the hostname
structure of 99% of the corporate work, <hostname>.<label>.<tld>.

This also has the advantage that it doesn't involve root zone
politics.

Mark

> If we acknowledge and document the reality, the IETF can have a role in
> guiding it in a sane direction. If we pretend local-use names don't
> exist, then the IETF has less relevance in the real world and the real
> world carries on without us.
>
> > I also don't think there are risks in delegating these other than the
> > applicants will get lots of traffic.
>
> No, the risk is that the applicants *won't* get the traffic they want,
> because some user's local DNS is answering those queries.
>
> If we have *some* pseudo-TLDs reserved for local-use names, there's a
> stronger argument that local hijacking of other names is illegitimate.
>
> And yes, if you want .LOKALESNETZWERK, then argue for that. Let's use
> this IETF discussion process to get some clarity on which names are
> local-use and which ones are not.
>
> Stuart Cheshire

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
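
The distinction drawn in this message, as an added example that is not part of the original e-mail: a small audit helper that sorts queried names by where a leaked query would end up, separating forward hostnames under `10.in-addr.arpa` (absorbed by AS112) from pseudo-TLD names that reach the root. It goes beyond the message by covering the other RFC 1918 reverse zones listed in RFC 6304; the `client qname qtype` log format, the pseudo-TLD set and the function names are assumptions.

```python
import re
from collections import Counter

# Reverse zones for RFC 1918 space; queries that leak out under these
# are absorbed by AS112 servers (zone list from RFC 6304).
AS112_ZONES = (["10.in-addr.arpa", "168.192.in-addr.arpa"]
               + [f"{n}.172.in-addr.arpa" for n in range(16, 32)])
# Pseudo-TLDs named in the thread. Assumption: extend per site.
PSEUDO_TLDS = {"home", "lan", "corp"}
# Hostname label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def classify(qname):
    """Return where a leaked query for qname would end up."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return "invalid-hostname"
    for zone in AS112_ZONES:
        z = zone.split(".")
        # Compare whole labels so "x10.in-addr.arpa" does not match.
        if len(labels) > len(z) and labels[-len(z):] == z:
            prefix = labels[:-len(z)]
            # All-numeric prefix: treat as an ordinary PTR lookup.
            if all(l.isdigit() for l in prefix):
                return "reverse-ptr"
            return "local-as112"      # <name>.10.in-addr.arpa style
    if labels[-1] in PSEUDO_TLDS:
        return "local-root-leak"      # not delegated: goes to the root
    return "public"


def summarise(log_lines):
    """Count classes over 'client qname qtype' lines (format assumed)."""
    return Counter(classify(line.split()[1]) for line in log_lines)


# Constructed sample log, not real traffic.
SAMPLE = [
    "10.0.0.5 nas.10.in-addr.arpa. A",
    "10.0.0.5 7.0.0.10.in-addr.arpa. PTR",
    "10.0.0.9 printer.corp. A",
    "10.0.0.9 wpad.home. A",
    "10.0.0.7 www.example.com. AAAA",
]

if __name__ == "__main__":
    for cls, n in summarise(SAMPLE).most_common():
        print(f"{cls:18} {n}")
```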