IETF Logo Mail Archive

Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt

Tony Finch <dot@dotat.at> Thu, 27 February 2014 13:17 UTC

Return-Path: <fanf2@hermes.cam.ac.uk>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 11C5A1A027F for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 05:17:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.847
X-Spam-Level:
X-Spam-Status: No, score=-1.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_64=0.6, RP_MATCHES_RCVD=-0.547] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rFwr7Gu8jKLg for <dnsop@ietfa.amsl.com>; Thu, 27 Feb 2014 05:17:09 -0800 (PST)
Received: from ppsw-40.csi.cam.ac.uk (ppsw-40-v6.csi.cam.ac.uk [IPv6:2001:630:212:8::e:f40]) by ietfa.amsl.com (Postfix) with ESMTP id D2B351A021A for <dnsop@ietf.org>; Thu, 27 Feb 2014 05:17:08 -0800 (PST)
X-Cam-AntiVirus: no malware found
X-Cam-ScannerInfo: http://www.cam.ac.uk/cs/email/scanner/
Received: from hermes-1.csi.cam.ac.uk ([131.111.8.51]:52454) by ppsw-40.csi.cam.ac.uk (smtp.hermes.cam.ac.uk [131.111.8.156]:25) with esmtpa (EXTERNAL:fanf2) id 1WJ0pm-0005JW-kt (Exim 4.82_3-c0e5623) (return-path <fanf2@hermes.cam.ac.uk>); Thu, 27 Feb 2014 13:17:06 +0000
Received: from fanf2 by hermes-1.csi.cam.ac.uk (hermes.cam.ac.uk) with local id 1WJ0pm-0004DK-Ex (Exim 4.72) (return-path <fanf2@hermes.cam.ac.uk>); Thu, 27 Feb 2014 13:17:06 +0000
Date: Thu, 27 Feb 2014 13:17:06 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-1.csi.cam.ac.uk
To: Jim Reid <jim@rfc1035.com>
In-Reply-To: <DC2770FB-A9E7-472D-A16D-2BFE5CA153AD@rfc1035.com>
Message-ID: <alpine.LSU.2.00.1402271315430.18502@hermes-1.csi.cam.ac.uk>
References: <20140129055438.2402.qmail@joyce.lan> <97E20887-2B9C-4EAD-826B-043306605F88@fl1ger.de> <54BE75D7-E70B-46AB-93C1-042E655BB5E7@apple.com> <D0AC0015-63C3-4C03-A8D0-888C435D2775@virtualized.org> <20140226100311.E73CA1069B39@rock.dv.isc.org> <8FEAF0FC-2AC3-4F39-9825-7068AAA6E40D@hopcount.ca> <6F605B46-51AD-4A21-BA3E-5723AA843EC6@virtualized.org> <20140227021436.E957210702F7@rock.dv.isc.org> <7E284F2F-1A99-4E57-B7BD-46129AEDDD04@virtualized.org> <20140227074249.2972F107D273@rock.dv.isc.org> <B67B8708-66D9-4372-B3E4-58FBC3297E9D@rfc1035.com> <20140227115518.D4628107FA73@rock.dv.isc.org> <D27FE132-502B-46EE-8B55-CB71908BBEB8@rfc1035.com> <alpine.LSU.2.00.1402271219440.13302@hermes-1.csi.cam.ac.uk> <DC2770FB-A9E7-472D-A16D-2BFE5CA153AD@rfc1035.com>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/NnJ9xfIdudE2ZzlS4Uq2JVqUmx4
Cc: DNSOP WG <dnsop@ietf.org>
Subject: Re: [DNSOP] DNSSEC, additional special names & draft-chapin-additional-reserved-tlds-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Feb 2014 13:17:11 -0000

Jim Reid <jim@rfc1035.com> wrote:

> On 27 Feb 2014, at 12:21, Tony Finch <dot@dotat.at> wrote:
>
> > The problem occurs when common operating systems start shipping validating
> > resolvers, then users will not be able to browse to http://router.home to
> > configure their device.
>
> An what do these users currently do when router.home or whatever doesn't
> resolve regardless of whether DNSSEC is involved?

They follow the troubleshooting guide and eventually get it to work.

With DNSSEC the only resolution would be to turn off validation on the
user's computer which is NOT what we want.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
Fisher, German Bight, Humber: South 6 to gale 8, becoming variable 4 later.
Moderate or rough, occasionally very rough at first in Fisher, becoming slight
later in German Bight and Humber. Rain or showers. Moderate or good.

v2.23.0 | Report a Bug | By Email