Re: [DNSOP] Alternative Special-Use TLD problem statement draft
"Adrien de Croy" <adrien@qbik.com> Thu, 07 April 2016 01:44 UTC
Return-Path: <adrien@qbik.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCEBD12D121 for <dnsop@ietfa.amsl.com>; Wed, 6 Apr 2016 18:44:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JMI1c4KNbr4e for <dnsop@ietfa.amsl.com>; Wed, 6 Apr 2016 18:44:47 -0700 (PDT)
Received: from smtp.qbik.com (smtp.qbik.com [122.56.26.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF39E12D111 for <dnsop@ietf.org>; Wed, 6 Apr 2016 18:44:46 -0700 (PDT)
Received: From [192.168.1.146] (unverified [192.168.1.146]) by SMTP Server [192.168.1.3] (WinGate SMTP Receiver v8.5.6 (Build 4877)) with SMTP id <0000692730@smtp.qbik.com>; Thu, 07 Apr 2016 13:44:44 +1200
From: Adrien de Croy <adrien@qbik.com>
To: David Conrad <drc@virtualized.org>
Date: Thu, 07 Apr 2016 01:44:44 +0000
Message-Id: <emd2f2d460-e339-4109-8281-eac232cc7cd6@bodybag>
In-Reply-To: <31B0EB50-A8EB-42DE-BDFE-CF0972A40C30@virtualized.org>
User-Agent: eM_Client/6.0.24928.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MBDBA06E28-A30E-4747-AB0A-921D0A8FA288"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/LqMncMF1IKyrOjVp1bdd5Cses5w>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Subject: Re: [DNSOP] Alternative Special-Use TLD problem statement draft
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Adrien de Croy <adrien@qbik.com>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 01:44:50 -0000
OK, if we look at those 1 at a time. RFC1918 defines private IP address ranges. Stating that a reverse lookup for a private IP should never be encoded onto a DNS packet and sent to a DNS server flies in the face of practice, and there are many many useful scenarios where this is done. I don't think we are being precise enough when we say "shouldn't hit the DNS". PTR lookups for private IPs is a case where we do it all the time on private networks - use DNS to query a local DNS server for the name associated with a private IP. If we took this to heart and prevented this by special casing such lookups in our DNS resolver code, we would break a lot of legitimate stuff. It gets more blurred when your ISP assigns you a private IP address. In this case PTR lookups for addresses in the subnet may well be legitimate against the ISP's name server. Looking then at 2606 the top level reserved names .test .example .invalid .localhost and example.com example.net example.org It's clear that the reservation of the second level domains is not behaving as we intend with 6761, since I can do a resolution of these names with DNS, and connect to the servers with HTTP. As for the top level ones, localhost is about the only one where you typically see actual special code in resolvers AFAICT. It's one thing to reserve a TLD. It's another thing to actually use it for something non-DNS. I don't have a problem with necessarily reserving TLDs to never be used. But DNS resolvers should not be making decisions about that, and as soon as you reserve one, and then start using it you have these leakage problems that TOR is seeing. I'm also not convinced that there is an "Internet namespace" that's usefully different to and a superset of the DNS namespace. It seems a bit of a logical paradox to have the universe being bigger than the tree but also being in the tree. Or is "Internet namespace" the new name for the DNS namespace and DNS namespace has been demoted to only being the part of the tree that is left after you add these other TLDs. Seems a bit circular to me. So, we're left with the 1 single TLD that is the problem and that's .onion, and regardless of the problems that is demonstrating, we wish to roll out more of these. Adrien ------ Original Message ------ From: "David Conrad" <drc@virtualized.org> To: "Adrien de Croy" <adrien@qbik.com> Cc: "dnsop@ietf.org" <dnsop@ietf.org> Sent: 7/04/2016 1:19:58 p.m. Subject: Re: [DNSOP] Alternative Special-Use TLD problem statement draft >Adrien, > >> I think we still need to answer the question about whether DNS >>namespace should be polluted for non-DNS resolution. > >I believe your question is wrong. > >The "DNS namespace" can't be polluted for non-DNS resolution because >the DNS namespace is, by definition, only comprised of names that can >be resolved via the DNS. The "Internet namespace" is larger than that. > Even before RFC 6761, there were names that should never hit the DNS, >specified in RFCs 2606 and 1918. RFC 7686 added "onion". A number of >folks want to add more. > >In my view, the real question here is what is the distinguishing >characteristic(s) and processes by which an "Internet name" is >categorized as a "DNS name" (which, at least at the top level, >presumably falls under ICANN community-defined policies) and those fall >under a different categorization. > >Regards, >-drc >(speaking only for myself) > > >
- [DNSOP] Alternative Special-Use TLD problem state… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Philip Homburg
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Philip Homburg
- Re: [DNSOP] Alternative Special-Use TLD problem s… Paul Hoffman
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Tim Wicinski
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Alain Durand
- Re: [DNSOP] Alternative Special-Use TLD problem s… George Michaelson
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… George Michaelson
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… George Michaelson
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Patrik Fältström
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… Philip Homburg
- [DNSOP] Example domains and following the standar… Stephane Bortzmeyer
- [DNSOP] Formal syntax in the Special-Use domain r… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Formal syntax in the Special-Use doma… Alain Durand
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… Alain Durand
- Re: [DNSOP] Alternative Special-Use TLD problem s… Paul Hoffman
- Re: [DNSOP] Alternative Special-Use TLD problem s… joel jaeggli
- Re: [DNSOP] Alternative Special-Use TLD problem s… Suzanne Woolf
- Re: [DNSOP] Alternative Special-Use TLD problem s… Suzanne Woolf
- Re: [DNSOP] Alternative Special-Use TLD problem s… Suzanne Woolf
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… joel jaeggli
- Re: [DNSOP] Alternative Special-Use TLD problem s… George Michaelson
- Re: [DNSOP] Alternative Special-Use TLD problem s… joel jaeggli
- Re: [DNSOP] Alternative Special-Use TLD problem s… Suzanne Woolf
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Warren Kumari
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Stephane Bortzmeyer
- Re: [DNSOP] Alternative Special-Use TLD problem s… John Levine
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… David Conrad
- Re: [DNSOP] Alternative Special-Use TLD problem s… Ted Lemon
- Re: [DNSOP] Alternative Special-Use TLD problem s… Warren Kumari
- Re: [DNSOP] Alternative Special-Use TLD problem s… Adrien de Croy
- Re: [DNSOP] Alternative Special-Use TLD problem s… John R Levine
- Re: [DNSOP] Alternative Special-Use TLD problem s… Philip Homburg
- Re: [DNSOP] Alternative Special-Use TLD problem s… Donald Eastlake