Re: [DNSOP] [Ext] root crud, Possible alt-tld last call?

Klaus Frank <klaus.frank@posteo.de> Wed, 26 October 2022 17:02 UTC

Return-Path: <klaus.frank@posteo.de>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9ADC14F6EC for <dnsop@ietfa.amsl.com>; Wed, 26 Oct 2022 10:02:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=posteo.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GjtLTNGjJYK3 for <dnsop@ietfa.amsl.com>; Wed, 26 Oct 2022 10:02:43 -0700 (PDT)
Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACAF9C152568 for <dnsop@ietf.org>; Wed, 26 Oct 2022 10:02:42 -0700 (PDT)
Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 2A0DF240029 for <dnsop@ietf.org>; Wed, 26 Oct 2022 19:02:38 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1666803759; bh=TZ81NezJa8Ap6fi2oVwoC37/z2MEe/TnLqZEDJ8w53o=; h=Date:Subject:To:From:From; b=eAumgCtY6++IPSiABYxguwcorFCITdDARkVLdy7z/ox/xNOMXJ5sWvq8+EomwrxPf HiAZW5PQ+7fRaX/KflFTzi/yTh+MPx7T+ZpvkTi2g4IZwM+cT5iv31pmbkCf/CWLfo iNcd2NE0Iy24L9kgzBsjFsXTFjQngMhaIH431F7m8o58XrPVnKPvJU+DMUHZbFeEVT 0m1D4NHUYgejn8g/eiDZe5DSGsdV7NrNvbEQobDmVFH36clbhAgThg+lYPodiPrdKy sEW5IlM66PiIRnqlW/EmNyWYXfns2aamDGevfCT3SWYzNuqVcoH4TuxFhuCdT04AXS lM/Bv93VfYiyw==
Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4MyFVQ1TNVz9rxH for <dnsop@ietf.org>; Wed, 26 Oct 2022 19:02:37 +0200 (CEST)
Message-ID: <54e36063-8321-3adb-53fa-04bfa026ca91@posteo.de>
Date: Wed, 26 Oct 2022 17:02:36 +0000
MIME-Version: 1.0
To: dnsop@ietf.org
References: <20221025213042.2EAF24D42291@ary.local> <c0e75aec-6f69-3d30-10d5-fadbdfc19cb1@redbarn.org>
Content-Language: de-DE
From: Klaus Frank <klaus.frank@posteo.de>
In-Reply-To: <c0e75aec-6f69-3d30-10d5-fadbdfc19cb1@redbarn.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms050900020609060206050502"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TPPH8G5w8-zjYgBsGh-FBKyoq8g>
Subject: Re: [DNSOP] [Ext] root crud, Possible alt-tld last call?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Oct 2022 17:02:47 -0000

I don't quite understand what the controversial part with this is, but 
why not just copy RFC7686 (onion special use domain name) for .ALT?

It's an established precedence and also doesn't look like a bad idea to 
just register the TLD with NXDOMAIN on the "normal" root dns servers?

 > Authoritative DNS Servers: Authoritative servers MUST respond to
 >       queries for .onion with NXDOMAIN.

On 26.10.2022 18:52, Paul Vixie wrote:
>
>
> John Levine wrote on 2022-10-25 14:30:
>> > ...
>>
>> ...  Considering the vast amount of junk traffic that the roots
>> get now, it's hard to imagine that .alt would add enough to care about.
>
> we don't and can't know that. in any case we should first do no harm.
>
> the DNS is capable of signaling that a given domain isn't operable in 
> the DNS, like delegating to localhost, DNAME'ing to AS112, assigning a 
> pseudo-random DS for which there is no corresponding DNSKEY, &etc. if 
> queries in DNS for names ending in .ALT are proof of misconfiguration, 
> then the result of those queries can be arbitrary, and should optimize 
> for the health of the DNS rather than the utility of the misconfigured.
>