Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Ted Lemon <> Thu, 25 January 2018 18:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id CE4E512DA6D for <>; Thu, 25 Jan 2018 10:02:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Eqtwz38TLa2B for <>; Thu, 25 Jan 2018 10:02:40 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:400d:c0d::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6BD7C12E035 for <>; Thu, 25 Jan 2018 10:02:40 -0800 (PST)
Received: by with SMTP id s3so21377628qtb.10 for <>; Thu, 25 Jan 2018 10:02:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=2esMq7ZzPnR4j4BMX370xTF14KqWstGAT9sV5LlxXWE=; b=G3hrQr2kxMKBhZLBMNHPbDcJdNj77u4Tn2XlmHawKbIOFwQQSEiOtiJmrx7zYIkEWV SflD5O6vfCDqW8G53S0uJTu8Dm59dR1Ks698qhzJm+GqAimTv6KT+AlschjQ4WBZPOGU Hog3jnNmVy8/XRFg+e+RQsJX+J2tkedZJqdHQf6cfh8Sgw+aGya1qwc4T/zr8xCX1LWJ MAqPKrG3N1t5R1+LtreMB5AoCWLzk0CbO53LFsZS59NXuucO0qUDWE92rPkbAeMwh18N bsKQC6JG9YqfAc3Sfy8bRZBDKyMTNRb3i1NFIbpprhfW5Cpnn4ouKNZyIN45s/prgIq/ ODUg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=2esMq7ZzPnR4j4BMX370xTF14KqWstGAT9sV5LlxXWE=; b=aFRXEiFS6UKe63r+Of8uIDEjMS7drLX8Wm8MGxcJBD2sNQF03v+8wsZKOsK3k0Nigp zudJnKi5hA209TLKt0gfp6wjWggjTeBgSQ0skun1Wtx56Fiu5jNErGvjwvcPvV4M/p9P 6tqn490aanPEkPAo4VEuj9axbKvioInTm5eLWog4XhfOg+8Z7bIK1/v8m99ivUeWVaNv wVYGw5E+gSoJohG2eIY4Jjq5a19GjW21QjHMbH2JDvY7Gvrt+6FDbRJbWNjgNdJ6hp0g i8Lj3XbrAzRDWjRo/p06DMgkasQiE9l0eHYu2LsmluF2ys29JAB7ZkT/u7hrsa9NKv8A 4fnQ==
X-Gm-Message-State: AKwxyteBs5iDhPUKAO/HI/9rb3uXFUdeCyfW0dJEag966FhW9wIMaoLS lfTdGjto3qwE4X44Q780OPZdpF4a5fc=
X-Google-Smtp-Source: AH8x227D1B5TYGQU9HpohoGJgiNvL0VALEQX5Inu2BDU5vrPdvopzfZQZAlUteEyVfSCbtdL+9+AHQ==
X-Received: by with SMTP id k127mr15632545qkd.47.1516903350702; Thu, 25 Jan 2018 10:02:30 -0800 (PST)
Received: from cavall.lan ( []) by with ESMTPSA id d42sm4287552qta.87.2018. for <> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 25 Jan 2018 10:02:28 -0800 (PST)
From: Ted Lemon <>
Content-Type: multipart/alternative; boundary="Apple-Mail=_03B7A397-188B-40DF-A6DE-55F86006F721"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Date: Thu, 25 Jan 2018 13:02:27 -0500
References: <> <> <> <> <>
In-Reply-To: <>
Message-Id: <>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 25 Jan 2018 18:02:44 -0000

On Jan 25, 2018, at 12:54 PM, Viktor Dukhovni <> wrote:
> I'm fine with recursive resolvers not *forwarding*
> "localhost.", but forbidding local answers is I think taking it
> too far and counter-productive.

Can you talk about why you think this is important?

I ask because the point of forbidding local answers is that it's an attack surface we'd like to close.   If there's a reason not to close it, it would be good to understand the use case you have in mind in terms of how much value we would lose in exchange for the value we'd gain in closing that attack surface.

Also, it's worth bearing in mind that regardless of what this document says, you can always answer queries to 'localhost.'   Is there a reason why that's not enough to satisfy your use case?