IETF Logo Mail Archive

[DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld

Ted Lemon <mellon@fugue.com> Sat, 03 May 2025 19:33 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0E7EE24746DC for <dnsop@mail2.ietf.org>; Sat, 3 May 2025 12:33:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=fugue.com header.b="Hp3RUTuC"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="QLvLF2yd"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mP0vGSnUx454 for <dnsop@mail2.ietf.org>; Sat, 3 May 2025 12:33:01 -0700 (PDT)
Received: from flow-a2-smtp.messagingengine.com (flow-a2-smtp.messagingengine.com [103.168.172.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 1442F24746D7 for <dnsop@ietf.org>; Sat, 3 May 2025 12:33:00 -0700 (PDT)
Received: from phl-compute-03.internal (phl-compute-03.phl.internal [10.202.2.43]) by mailflow.phl.internal (Postfix) with ESMTP id 9FBC82005EC; Sat, 3 May 2025 15:33:00 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-03.internal (MEProxy); Sat, 03 May 2025 15:33:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue.com; h=cc :cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1746300780; x=1746307980; bh=c3ewQImBtEojzUXWxoj1MMYWFghvbeHGkTmQQNxx2tg=; b= Hp3RUTuCROyFamh58+1KeZhg1ZJpqLVrARipQwkcuUDlrYg5FfQ0dXp/9RlIaUUL 7LJaMfYwvJ7tju9r4ihph8ItkrfQe55km7wmPCtP/fZdtZAujnAUZSBOjHuXVHDu 0vpXGTidLIRA8K9rAnV090ZUt1kS36VE1dGNpwkcm8eBeefT+b3MY8j+jwmUamWO P4g6hrxRGWtfM8bFB2YA1yo98DUq1Z8+m9YbH284P3xRa7wO6bLHCATDnOGI8Hxn ToSUDykv2uCxRINbr0SjZuWs3BmQm0yTG/wVr2lUtXh8SdhDS9X1eOqe6YGycgGW wFfGlKKLSaEpciOLwm1Viw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1746300780; x= 1746307980; bh=c3ewQImBtEojzUXWxoj1MMYWFghvbeHGkTmQQNxx2tg=; b=Q LvLF2ydgCpnl0j/yS56Xi5haetZ1U2iXVPeU+QwFRyONush6Uhv9bhh1Tg1ElLPp 0q5Jq5uG9OLED7Eag1Y8V4TmO+7ia8O2hO2M6DLcaa8jmi1q0n+rmwhEjeCAikYh y305k1BHcZ+heYLru259bfpoTNwfqXWOYZTR20UuFKlTCnjaN//BXMeJVgN2YgQs DtcjFClHrq8cDPav4g5ZimhqZDF/tiAxT8iwWDfsVsXbodNfuPiK70K5oz3QLCIY znn0nTJ7RgXc9vNCGJMDkrhSMvY+/Z1r98EhXcjWdty6Plh3My5bXn1nm2dsDvqx 4IcvCxDZ0Zxzm6QEJf1mw==
X-ME-Sender: <xms:a28WaGzUv38hWb43yDto-dlLV0sq__uokszVHVQ7FMfcBfUgH3YIPQ> <xme:a28WaCSWDIFEGQREdUAiqRT5fblItstBk2g7s_jz6QO_5ec8zfd3BVu4pTQceOjkf TDXpM9BzKTvRSD4Cy0>
X-ME-Received: <xmr:a28WaIWd0NmOcbr-5bNrtsbRCqIQ2sxiPartwacLq1CsPMRDkCFaOacc9PmaO3UzHwE>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddvjeeiudekucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpegtgg fuhfgjffevgffkfhfvofesthhqmhdthhdtvdenucfhrhhomhepvfgvugcunfgvmhhonhcu oehmvghllhhonhesfhhughhuvgdrtghomheqnecuggftrfgrthhtvghrnhepudfhieeugf dtteelveetieevudejhefgieeileeujeeigeeivdfgteevhfehueetnecuvehluhhsthgv rhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhgvlhhlohhnsehfuhhguh gvrdgtohhmpdhnsggprhgtphhtthhopeefpdhmohguvgepshhmthhpohhuthdprhgtphht thhopehptghhqdgunhhsohhpqdeisehuqddurdhphhhitghohhdrtghomhdprhgtphhtth hopegunhhsohhpsehivghtfhdrohhrghdprhgtphhtthhopegurhgtsehvihhrthhurghl ihiivggurdhorhhg
X-ME-Proxy: <xmx:a28WaMj71_zJOhhvrFbYJ6IXKaygxklgapVToWZkKF0LJQ_3PftUVw> <xmx:a28WaICoz3z7Y1lQoVuKQ_JN0x-1RtnNfpYIXHAy7zLiCEtp3oo0jQ> <xmx:a28WaNJatIywk3cqAIL69QbZAvKgKv8-aIow0GBcoPpX58u7dqGZrw> <xmx:a28WaPDomDqSqXsXdTZhuyDGbPr92u0bvUzS3frQdGy7fy7GBAWS2A> <xmx:bG8WaNBHKI9gd1xYj8w-cWDP7-b_BcBneWHApXbVaypxW21lO5LocZ5A>
Feedback-ID: i1136489e:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 3 May 2025 15:32:59 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.600.51.1.1\))
From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <m1uBHRs-0000LsC@stereo.hq.phicoh.net>
Date: Sat, 03 May 2025 20:32:48 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <D5E32C78-43D4-432A-AAF0-84A3CC53DB46@fugue.com>
References: <1C9E8ABA-4399-491B-A9F4-D9ACCB1BA72C@virtualized.org> <C497EC3A-A06B-4DCC-B0C8-382A3424D7D5@strandkip.nl> <SA1PR15MB43700B9B2C9151FB31381082B3BC2@SA1PR15MB4370.namprd15.prod.outlook.com> <866409E5-0D9A-4669-8C6E-C9D1C7BDAA21@dnss.ec> <SA1PR15MB4370BAE2BD669193DDB9AE44B38D2@SA1PR15MB4370.namprd15.prod.outlook.com> <20250502171756.5AC67C762C3C@ary.qy> <SA1PR15MB43704113DF8B19A8A5A66AD6B38D2@SA1PR15MB4370.namprd15.prod.outlook.com> <4B83E121-9562-449C-A00E-2A31894ADED0@icann.org> <m1uBDWf-0000MlC@stereo.hq.phicoh.net> <9EE8E4CC-04A3-46C7-BDDF-EF538A822AA8@virtualized.org> <m1uBHRs-0000LsC@stereo.hq.phicoh.net>
To: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
X-Mailer: Apple Mail (2.3826.600.51.1.1)
Message-ID-Hash: 32ESCASGPDI7YMM7EZKZRKHK5ZSWQBZ4
X-Message-ID-Hash: 32ESCASGPDI7YMM7EZKZRKHK5ZSWQBZ4
X-MailFrom: mellon@fugue.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop@ietf.org, David Conrad <drc@virtualized.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/f8jOwbXtJg91puZSjI5dsVwt9Jw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

I think a usefully relevant bibliography would have to include RFC8375 and BCP 163.

> On 3 May 2025, at 19:18, Philip Homburg <pch-dnsop-6@u-1.phicoh.com> wrote:
> 
>> Like:
>> 
>> RFC 2605
> 
> Maybe 2606?
> 
> It says:
> 
> "To safely satisfy these needs, four domain names are reserved as
> "listed and described below.
> "
> ".test
> ".example
> ".invalid
> ".localhost
> "
> "".test" is recommended for use in testing of current or new DNS
> "related code.
> "
> "".example" is recommended for use in documentation or as examples.
> "
> "".invalid" is intended for use in online construction of domain
> "names that are sure to be invalid and which it is obvious at a
> "glance are invalid.
> "
> "The ".localhost" TLD has traditionally been statically defined in
> "host DNS implementations as having an A record pointing to the
> "loop back IP address and is reserved for such use.  Any other use
> "would conflict with widely deployed code which assumes this use.
> 
> None of these is supposed to be used in production use for general end-user
> devices. Which the exception of localhost, which tends to be hardcoded in
> stub resolvers or is taken from /etc/hosts.
> 
>> RFC 7686
> 
> .onion
> 
> This is not DNS. Nobody is supposed to run a .onion zone anywhere. So
> no issue. From, a DNS point of view, this domain does not exist.
> 
>> RFC 9476
> 
> .alt
> 
> Again, not DNS. No need to worry about DNSSEC validation because no DNS
> is supposed to exist under .alt.
> 
> Can you explain how this is relevant to the .internal discussion
> which is specifically reserved to be used in DNS?
> 
>> As Paul points out, this suggests a need for documentation on how
>> an end-user device that happens to include a DNSSEC validator should
>> behave in the face of names that do not exist for some purpose.
> 
> I'm perfectly fine with delaying the .internal draft until such a 
> documentation has been created for general end-user devices.
> 
> I'm curious what it would look like. Do we expect end-users to know to
> add a negative trust anchor for .internal when they arrive at work and then
> remove it again when they go home?
> 
> Does this involve editing a random config file somewhere on the device?
> 
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-leave@ietf.org

v2.31.3 | Report a Bug | By Email | System Status