Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

"Peter van Dijk" <peter.van.dijk@powerdns.com> Tue, 12 September 2017 14:06 UTC

From: "Peter van Dijk" <peter.van.dijk@powerdns.com>
To: dnsop <dnsop@ietf.org>
Date: Tue, 12 Sep 2017 16:06:51 +0200
Message-ID: <63DA2E77-8507-4F25-8684-14EABF9A530E@powerdns.com>
In-Reply-To: <CADyWQ+EZQY9i5-4Ce-NZykwC+sS6iY868Wg0crW6KAZTGQxFQg@mail.gmail.com>
References: <CADyWQ+EZQY9i5-4Ce-NZykwC+sS6iY868Wg0crW6KAZTGQxFQg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/Yij2_grdrpd_O_B3F_cA2cLcSUY>

Hello,

On 6 Sep 2017, at 16:00, tjw ietf wrote:

> When the idea of having a Call for Adoption for this document came up,
> we thought long and hard about this one.  However, the comments from
> the working group focused this document to address the specific issue
> of the local hostname.
>
> This starts a formal Call for Adoption for
> draft-west-let-localhost-be-localhost
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-west-let-localhost-be-localhost/

I support adoption of this draft.

I would also like to take this opportunity to codify a related best
operational practice. As Tony Finch mentioned elsewhere in the thread
(linking to
http://news.uis.cam.ac.uk/articles/2017/09/01/deleting-localhost-entries-from-the-cam-ac-uk-dns-zone),
having a localhost entry in any zone file is an insecure practice.

Since we are doing a draft/RFC on what localhost is and is not, I
suggest we put some text in there banning (MUST NOT) the practice of
having localhost entries (at least those pointing to 127.0.0.1/::1?) in
auth zones. If there is agreement on this I am happy to contribute text.
This may mean having to say we are updating RFC 1912.

I am happy to review in any case.

Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
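The practice discussed in the message above, as an added example that is not part of the original thread, the draft, or PowerDNS: a small Python lint that parses a zone file in presentation format and reports every record whose owner name carries a `localhost` label, noting whether the record points at a loopback address (the 127.0.0.1/::1 distinction raised above) or somewhere else. It goes slightly beyond the message in that it flags `localhost` at any label position, not only as the leftmost label. The minimal parser, the function names and the sample zone are all assumptions of this example; the sample zone is constructed and uses documentation address ranges.

```python
"""Added example: find 'localhost' owner names in an authoritative zone.

Minimal presentation-format parser: $ORIGIN/$TTL, optional TTL/class,
blank (inherited) owners and parenthesised multi-line records are
handled; $INCLUDE and $GENERATE are not (assumption of this example).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    owner: str      # fully qualified owner name, lower-case, trailing dot
    rtype: str      # record type as written, upper-cased
    rdata: str      # rdata as written in the zone
    loopback: bool  # True if an A/AAAA rdata is a loopback address


def fqdn(name: str, origin: str) -> str:
    """Make an owner name absolute relative to the current $ORIGIN."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text: str, origin: str = ".") -> list[tuple[str, str, str]]:
    """Return (owner, type, rdata) triples from zone text."""
    records: list[tuple[str, str, str]] = []
    owner = None
    buf, depth, blank_owner = "", 0, False
    classes = {"IN", "CH", "HS"}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip() and not buf:
            continue
        if not buf:                               # first line of a record
            blank_owner = line[:1].isspace()      # blank owner inherits previous
        depth += line.count("(") - line.count(")")
        buf += " " + line
        if depth > 0:                             # still inside ( ... )
            continue
        entry, buf = buf.strip(), ""
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if not tokens:
            continue
        if tokens[0].startswith("$"):             # directive line
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1] if tokens[1].endswith(".") else tokens[1] + "."
            continue                              # $TTL ignored, others unsupported
        if not blank_owner:
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in classes):
            tokens.pop(0)                         # optional TTL / class
        if owner is None or len(tokens) < 2:
            raise ValueError(f"cannot parse record: {entry!r}")
        records.append((fqdn(owner, origin), tokens[0].upper(), " ".join(tokens[1:])))
    return records


def find_localhost_records(records: list[tuple[str, str, str]]) -> list[Finding]:
    """Flag every record whose owner name has a label equal to 'localhost'."""
    findings = []
    for owner, rtype, rdata in records:
        if "localhost" not in owner.rstrip(".").split("."):
            continue
        loopback = False
        if rtype in ("A", "AAAA"):
            try:
                loopback = ipaddress.ip_address(rdata).is_loopback
            except ValueError:
                pass  # malformed address: still a localhost entry, just not loopback
        findings.append(Finding(owner, rtype, rdata, loopback))
    return findings


# Constructed sample zone (not real data); 192.0.2.0/24 and 203.0.113.0/24
# are documentation ranges.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN SOA ns1 hostmaster (
            2017091201 ; serial
            7200 3600 1209600 3600 )
        IN NS   ns1
ns1     IN A    192.0.2.1
www     IN A    192.0.2.10
localhost      IN A    127.0.0.1     ; the entry the message argues against
localhost      IN AAAA ::1
localhost.lab  IN A    127.0.0.1
localhost.dev  IN A    203.0.113.5   ; localhost name pointing elsewhere
"""

if __name__ == "__main__":
    for f in find_localhost_records(parse_zone(SAMPLE_ZONE)):
        kind = "loopback" if f.loopback else "non-loopback"
        print(f"{f.owner} {f.rtype} {f.rdata} ({kind})")
```

Running it on a real zone is a matter of `parse_zone(open(path).read())`; an empty result is the state the proposed MUST NOT would require of an authoritative zone.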