Re: [DNSOP] Proposal for a side-meeting on services centralization at IETF 104 Prague
Paul Vixie <paul@redbarn.org> Thu, 14 March 2019 05:32 UTC
To: Ted Lemon <mellon@fugue.com>
Cc: dnsop@ietf.org, Vittorio Bertola <vittorio.bertola@open-xchange.com>, doh@ietf.org, dns-privacy@ietf.org, hrpc@irtf.org

On Thursday, 14 March 2019 00:48:53 UTC Ted Lemon wrote:
> On Mar 12, 2019, at 2:52 PM, Paul Vixie <paul@redbarn.org> wrote:
> > please do not relegate discussions about the loss of operator control over
> > the RDNS control plane
>
> Although it’s certainly true that DNS is used as a control plane by many
> operators, there is no standard “RDNS control plane.” ...

i don't think lack of standardization is the same as not existing. devices which honour the dhcp-assigned rdns service, work as expected, and as intended. devices who ignore that setting and seek their own rdns by their own internal configuration, will often not work at all.

because many of us amend our locally visible dns namespace with things like .corp or .home or .local, it's even more vital that devices respect the rdns assignment i make. the dns content i want to be visible on my network, have to be visible on my network.

because many of us won't allow pirate or malware or otherwise undesired DNS lookups to succeed, either because we don't like the name, or we don't like the result of the query, or we don't like some name server that would be involved in resolving it. the dns content i don't want to be visible on my network, have to not be visible on my network.

from the days before dhcp when we typed these numbers in by hand, until now, it has always been the expectation that rdns was part-and-parcel of local network service. no different in that regard from dhcp or arp, neither of which is standardized under the heading, "control plane", yet, are.

so i think i'm not going to follow you down this terminological rabbit hole. the reason that internet creations of yours will work better on my network if you treat the rdns as part of my control plane is, because it's my network and that's how i operate it. you're not welcome to bypass it, nor answer dhcp requests when you're not my dhcp server, nor answer arp requests when you aren't the device i assigned that address to.

you can call that tautological if you wish. but it's the life my networks lead. external DoH providers are explicitly not welcome to provide service to malware or intruders who get into my network -- because rdns is part of my control plane, and like arp and dhcp, i control it and i monitor it, for $reasons.

> The problem with the discussion we’ve been having about DoH and how it
> affects your “RDNS control plane” is that we’re talking past each other,
> not that the discussion should be had elsewhere. It’s fine for there to
> be a discussion, but if there is going to be a discussion, participants
> need to engage constructively, and not just fling slogans at each other.

i think i've flung considerably more than slogans, and, it's been exhausting.

vixie