[DNSOP] Re: Call for Adoption: draft-davies-internal-tld

Shumon Huque <shuque@gmail.com> Fri, 18 April 2025 13:47 UTC

References: <m1u5h1G-0000LcC@stereo.hq.phicoh.net> <B1447F30-154A-46FB-A7A8-04E26A020E03@depht.com> <m1u5ixW-0000MQC@stereo.hq.phicoh.net>
In-Reply-To: <m1u5ixW-0000MQC@stereo.hq.phicoh.net>
From: Shumon Huque <shuque@gmail.com>
Date: Fri, 18 Apr 2025 09:47:13 -0400
Message-ID: <CAHPuVdVZoiEaoGB8qU8_aAcPSYujKP12ziZKXAU9z2ZLkK7G6g@mail.gmail.com>
To: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
CC: dnsop@ietf.org, Andrew McConachie <andrew@depht.com>
Subject: [DNSOP] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TK2F_wuGxvXFTcIezJtiAWvWbsY>

On Fri, Apr 18, 2025 at 6:41 AM Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
wrote:

> > The draft does not recommend using or not using .internal. It says:
> >
> >     If an organization determines that it requires a private-use
> >     DNS namespace, it should either use sub-domains of a global
> >     DNS name that is under its organizational and operational
> >     control, or use the "internal" top-level domain.  This document
> >     does not offer guidance on when a network operator should choose
> >     the "internal" top-level domain instead of a sub-domain of a
> >     global DNS name.  This decision will depend on multiple factors
> >     such as network design or organizational needs, and is outside
> >     the scope of this publication.
> >
> > SAC113 said:  Using sub-domains of registered public domain names
> > is still the best practice to name internal resources.
> >
> > I'm not against changing the draft to align more with the advice in
> > SAC113, but my inclination is to keep the draft agnostic on this
> > point.  When the authors originally discussed it we decided against
> > offering advice in either direction.
>
> I assume this IETF working group can form an independent opinion.
>
> In my opinion the issue is not whether public domains are better or not.
> My issue is that the IETF should recommend against uses that lead to DNSSEC
> failures.
>
> For example, home.arpa. is safe to use from a DNSSEC validation point of
> view.
>
> So unless DNSSEC validation is improved the draft should actively recommend
> against using internal.
>

I agree with this.

And in fact there are other reasons to not recommend "internal". What happens
if multiple organizations using "internal" as a private domain merge and need
to integrate their networks and domains? They have a big mess to clean up with
the colliding domains. Why would the IETF ever recommend a DNS configuration
that causes such situations to occur? (Yes, I realize that we have similar
problems with IPv4 RFC1918 address space, but at least we made an effort to
address that with IPv6 - by using globally routable address space everywhere
or ULAs.)

And if the use case for "internal" is not enterprise networks but primarily
home networks, we have another specified solution for that (home.arpa).

In my own organization, we would never recommend the use of "internal" for
private domains. We use (multiple) subdomains of other global domains that we
already own (i.e. what is in the SSAC recommendation).

Shumon.
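The DNSSEC point raised in this exchange (home.arpa is safe for a validating resolver, a locally served "internal" is not unless validation is switched off below it) can be shown with a small model of the validator's decision. The following is an added illustration for this archive page; it is not code from the draft, from SAC113 or from any resolver, and it models only the chain-of-trust logic, not record parsing or signature checking. The zone table is constructed: the root and "arpa" are signed, "home.arpa" is an insecure delegation (as RFC 8375 specifies), "example"/"corp.example" stand in for a domain an organization owns, and "internal" is simply absent from the root, so the root's authenticated denial of existence applies to it. The negative-trust-anchor handling stands in for RFC 7646 or a locally configured unsigned zone.

```python
"""Toy model of what a DNSSEC-validating resolver concludes about an
answer served from a private namespace.  Added illustration for this
thread; not code from the draft, SAC113 or any resolver.  It models only
the validator's decision, not record parsing or cryptography.

Simplifications (all constructed for this example):
  * A zone is signed or unsigned.  A signed zone either delegates a
    child with a DS record (secure delegation), delegates it without one
    (insecure delegation), or holds the name itself.
  * A signed zone proves the non-existence of any name it neither holds
    nor delegates (authenticated denial of existence).
  * "arpa" is signed and "home.arpa" is an insecure delegation
    (RFC 8375); the root is signed and does not delegate "internal".
  * A negative trust anchor (RFC 7646) or a locally configured unsigned
    zone makes the resolver stop validating at and below that name.
"""

# Constructed zone model.  "children" maps delegated child -> DS present.
# "names" lists names the zone holds itself (no delegation).
ZONES = {
    ".":            {"signed": True,  "children": {"arpa": True, "example": True}, "names": set()},
    "arpa":         {"signed": True,  "children": {"home.arpa": False},            "names": set()},
    "example":      {"signed": True,  "children": {"corp.example": False},         "names": {"www.example"}},
    "home.arpa":    {"signed": False, "children": {},                              "names": set()},
    "corp.example": {"signed": False, "children": {},                              "names": set()},
}


def _cuts(qname):
    """Progressively longer suffixes of qname, shortest first:
    'printer.corp.example' -> ['example', 'corp.example', 'printer.corp.example']."""
    labels = [l for l in qname.lower().rstrip(".").split(".") if l]
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]


def _under(name, anchor):
    return name == anchor or name.endswith("." + anchor)


def answer_status(qname, zones=ZONES, negative_trust_anchors=()):
    """Return the validator's verdict on an answer for qname:
      'secure'   - must carry signatures chaining from the root; an
                   unsigned private copy of the zone would be rejected
      'insecure' - no chain of trust reaches the name, unsigned answers
                   are accepted (what a private namespace needs)
      'bogus'    - a signed ancestor proves the name cannot exist, so no
                   locally served answer can validate
    """
    qname = qname.lower().rstrip(".")
    if any(_under(qname, nta.lower().rstrip(".")) for nta in negative_trust_anchors):
        return "insecure"  # validation switched off at and below the anchor
    zone = "."
    for cut in _cuts(qname):
        info = zones[zone]
        if not info["signed"]:
            return "insecure"  # unsigned zone: nothing to validate against
        if cut in info["children"]:
            if not info["children"][cut]:
                return "insecure"  # insecure delegation: no DS, chain of trust ends here
            zone = cut  # secure delegation: keep validating inside the child zone
        elif cut not in info["names"]:
            return "bogus"  # signed zone proves this name does not exist
    return "secure"


def compare_choices(hostname="printer", negative_trust_anchors=()):
    """Same host under the three namespace choices discussed in the thread."""
    return {suffix: answer_status(f"{hostname}.{suffix}", ZONES, negative_trust_anchors)
            for suffix in ("internal", "home.arpa", "corp.example")}


if __name__ == "__main__":
    for suffix, status in compare_choices().items():
        print(f"{'printer.' + suffix:24} -> {status}")
    print("with a negative trust anchor for 'internal':",
          compare_choices(negative_trust_anchors=["internal"])["internal"])
```

Running it shows the asymmetry the thread is about: a host under home.arpa or under a subdomain the organization owns ends at an insecure delegation and validates as insecure (accepted), while the same host under "internal" is bogus because the signed root proves "internal" does not exist. Only an explicit resolver-side exception (the negative trust anchor) turns the "internal" case into insecure, which is the configuration burden Philip's message alludes to with "unless DNSSEC validation is improved".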