[DNSOP] Re: Call for Adoption: draft-davies-internal-tld

Philip Homburg <pch-dnsop-6@u-1.phicoh.com> Fri, 18 April 2025 20:42 UTC

Return-Path: <pch-b6CAFA0C7@u-1.phicoh.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id E94691E49440 for <dnsop@mail2.ietf.org>; Fri, 18 Apr 2025 13:42:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XoTKnm6P-HtJ for <dnsop@mail2.ietf.org>; Fri, 18 Apr 2025 13:42:59 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [45.83.6.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4469D1E4943B for <dnsop@ietf.org>; Fri, 18 Apr 2025 13:42:58 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (TLS version=TLSv1.2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305) (Smail #158) id m1u5sY5-0000MSC; Fri, 18 Apr 2025 22:42:57 +0200
Message-Id: <m1u5sY5-0000MSC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
Sender: pch-b6CAFA0C7@u-1.phicoh.com
References: <m1u5h1G-0000LcC@stereo.hq.phicoh.net> <83666fd3-a51f-46e1-a5ac-0b9a46361480@desec.io> <20250418201613.D9204C53F937@ary.qy>
In-reply-to: Your message of "18 Apr 2025 16:16:13 -0400 ." <20250418201613.D9204C53F937@ary.qy>
Date: Fri, 18 Apr 2025 22:42:56 +0200
Message-ID-Hash: YPP3TMGPMQRDDCQQRCFZVZ3VZ54KZXL3
X-Message-ID-Hash: YPP3TMGPMQRDDCQQRCFZVZ3VZ54KZXL3
X-MailFrom: pch-b6CAFA0C7@u-1.phicoh.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: John Levine <johnl@taugh.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LNoiNvfCTIezEziKlTZ2po6DpTk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

> If I were using .internal names, I would configure them in unbound
> exactly the same way that I configure the rDNS for 192.168/16 and
> .onion and the other zones it's preconfigured to serve. If you ask
> for DNSSEC, it says it's unsigned.
> 
> If someone is about to say but then if I do my own DNSSEC checks
> in my end device it won't work. 

That's too simple. If you do your own DNSSEC checks and forward to a local
recursor, then home.arpa. will work because it is an insecure delegation.

As it stands today, internal is not delegated, so it only works on the
recursor where internal is configured, but not on any other DNSSEC validator.

In my opinion, that's quite a big difference.
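The distinction drawn above is the one a validating stub resolver makes from the parent zone's NSEC proof: a name with an insecure delegation (NS, no DS) can be proven Insecure, so unsigned answers from a local recursor are accepted, whereas a name the parent does not delegate at all is proven nonexistent, so the same unsigned answers are Bogus. The following is an added example, not code from this thread, from unbound or from any resolver; it implements RFC 4034 canonical name ordering and NSEC coverage in plain Python, and the NSEC records it checks against are constructed for the example (the root NSEC is a placeholder, not the live root chain).

```python
# Added example (not from the thread): what a parent-zone NSEC proves about a
# name, from the point of view of a validating stub resolver.
#
# home.arpa has an insecure delegation in the arpa zone, so a "no DS" proof is
# possible and unsigned answers validate as Insecure. A TLD that is not
# delegated (internal, as of this message) has no such proof: the root's NSEC
# shows the name does not exist, so unsigned answers fail validation.

from typing import Iterable, List, Tuple


def canonical_labels(name: str) -> List[bytes]:
    """Labels of a presentation-form name in canonical (root-first) order,
    lowercased as RFC 4034 section 6.1 requires for ordering."""
    stripped = name.rstrip(".")
    if not stripped:
        return []
    labels = [label.encode("ascii").lower() for label in stripped.split(".")]
    return list(reversed(labels))


def canonical_cmp(a: str, b: str) -> int:
    """Compare two names in DNSSEC canonical order: -1 if a < b, 0, or 1.
    Labels compare as unsigned bytes; a shorter name sorts before a longer
    one that extends it."""
    la, lb = canonical_labels(a), canonical_labels(b)
    for x, y in zip(la, lb):
        if x != y:
            return -1 if x < y else 1
    if len(la) == len(lb):
        return 0
    return -1 if len(la) < len(lb) else 1


def nsec_covers(owner: str, next_name: str, qname: str) -> bool:
    """True if qname falls strictly between owner and next_name, i.e. the NSEC
    proves qname does not exist. The last NSEC in a zone points back to the
    apex, so that range wraps around."""
    if canonical_cmp(owner, next_name) < 0:
        return canonical_cmp(owner, qname) < 0 and canonical_cmp(qname, next_name) < 0
    return canonical_cmp(owner, qname) < 0 or canonical_cmp(qname, next_name) < 0


def classify_delegation(qname: str, nsec: Tuple[str, str, Iterable[str]]) -> str:
    """What the parent's NSEC (owner, next, type bitmap) proves about qname."""
    owner, next_name, types = nsec
    type_set = {t.upper() for t in types}
    if canonical_cmp(owner, qname) == 0:
        if "DS" in type_set:
            return "secure delegation: answers below must be signed"
        if "NS" in type_set:
            return "insecure delegation: unsigned answers validate as Insecure"
        return "name exists in parent but is not delegated"
    if nsec_covers(owner, next_name, qname):
        return "nonexistent: no delegation exists, unsigned answers are Bogus"
    return "NSEC does not cover qname: no proof"


# Constructed sample proofs (type bitmaps abbreviated; the root record is a
# placeholder pair of TLDs, not the real root NSEC chain).
ARPA_NSEC_HOME = ("home.arpa.", "in-addr.arpa.", ["NS", "RRSIG", "NSEC"])
ROOT_NSEC_PLACEHOLDER = ("int.", "io.", ["NS", "DS", "RRSIG", "NSEC"])


def compare_cases() -> dict:
    """Run both names from the thread through the classifier."""
    return {
        "home.arpa.": classify_delegation("home.arpa.", ARPA_NSEC_HOME),
        "internal.": classify_delegation("internal.", ROOT_NSEC_PLACEHOLDER),
    }


if __name__ == "__main__":
    for name, verdict in compare_cases().items():
        print(f"{name:12} {verdict}")
```

The two verdicts are the whole of the argument: a recursor can be told to serve internal locally, but a device that validates on its own only ever sees the root's proof that the name does not exist.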