Re: [DNSOP] DNSOP Call for Adoption - draft-west-let-localhost-be-localhost

Ted Lemon <mellon@fugue.com> Fri, 08 September 2017 02:17 UTC

From: Ted Lemon <mellon@fugue.com>
Date: Thu, 07 Sep 2017 22:17:42 -0400
Message-ID: <CAPt1N1kKNRU+mF-JVti_CKS25+7g5BFH8Yko53-VKgZqVreZuQ@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: dnsop WG <dnsop@ietf.org>, Warren Kumari <warren@kumari.net>, Tim Wicinski <tjw.ietf@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/aFf9FJqWxJdtgc1kaULJuIqg6dM>

The discussion had covered the failure mode problem. There is substantial
agreement that it's better for a stub that issues a query for localhost to
fail than to succeed. You seem to disagree.

You haven't stated a reason for disagreeing—instead you've vigorously
asserted that this is true. It's fine for you to do this, but if you were
to get your way, that would be exactly the bad outcome I want to avoid.

So if there really is a problem here, it would be good for you to make it
clear. Your stated desire to preserve flexibility makes sense to me, but it
doesn't contradict the reason already given for *not* providing that
flexibility.

Is there some *other* reason why this is important to you, or is that it?

On Sep 7, 2017 8:06 PM, "Mark Andrews" <marka@isc.org> wrote:

>
> In message <BFAECDAF-8F4B-4C8D-AB7E-1615BD54EF93@fugue.com>, Ted Lemon
> writes:
> >
> > On Sep 7, 2017, at 12:59 AM, Mark Andrews <marka@isc.org> wrote:
> > > I shouldn't BE FORCED to hard code special LOCALHOST rules into DNS
> > > tools.  Lookups should "just work" like they did before the root
> > > zone was signed.
> >
> > Because...?
>
> Because there are things you can do with localhost as a DNS zone
> that you can't do with /etc/hosts, NIS, etc. as they are limited
> to addresses only.
>
> Localhost should work just like home.arpa.  The tools we use shouldn't
> need special knowledge.  Special knowledge means EVERYTHING needs
> to be tested to see if it works with localhost as well as regular
> names.  That testing will get missed.  If it doesn't get missed it
> costs more money.  Workarounds for different behavior increase the
> probability of bugs being introduced as there will be separate code
> paths.
>
> If I want to add a local trust anchor for localhost I will then
> need additional code to disable the workaround for the fact the
> root doesn't have an insecure delegation.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>