Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
Petr Špaček <petr.spacek@nic.cz> Fri, 26 January 2018 16:32 UTC
Return-Path: <petr.spacek@nic.cz>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AAE1612AAB6 for <dnsop@ietfa.amsl.com>; Fri, 26 Jan 2018 08:32:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.01
X-Spam-Level:
X-Spam-Status: No, score=-7.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nic.cz
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Apyur-LlZx4 for <dnsop@ietfa.amsl.com>; Fri, 26 Jan 2018 08:32:35 -0800 (PST)
Received: from mail.nic.cz (mail.nic.cz [IPv6:2001:1488:800:400::400]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12B7C126B6E for <dnsop@ietf.org>; Fri, 26 Jan 2018 08:32:35 -0800 (PST)
Received: from [IPv6:2001:1488:fffe:6:9894:11ff:fe44:fce9] (unknown [IPv6:2001:1488:fffe:6:9894:11ff:fe44:fce9]) by mail.nic.cz (Postfix) with ESMTPSA id 6699064DA8; Fri, 26 Jan 2018 17:32:33 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nic.cz; s=default; t=1516984353; bh=XBEKcdue5Z3HgVni9RyOdl6ZCDTy3TFthwz/bOioxxQ=; h=To:From:Date; b=Swuq9XkRbio8I8GBxgRkI59S/mvEfDmila5bdnhjkbeUAElA13l1XxowyLCnsCIYh cGyf/B/r4Ro7NuVd6Ji5Tc6pUYQQz2Ckt5rASiZNBPjIV+rkLHoHlwyVssdz/aXZyw hCSNjiz1ly2RqBeXLniXoomWThkk64Nm5qBMINBY=
To: 神明達哉 <jinmei@wide.ad.jp>
Cc: dnsop <dnsop@ietf.org>
References: <9DCE2F63-EE37-4865-B9D6-6B79BBE05593@gmail.com> <CAJE_bqcSirZyfr7PKhf=ttMxf=DeMVeJPNPn=R-HS2cH3Z-nPw@mail.gmail.com> <8e69dac2-359b-d528-45e5-05604f4dbf90@nic.cz> <CAJE_bqdeDRmN78dE5VUYDB6y-fXfUK9gSOkjJxszcP0WjjR9dw@mail.gmail.com>
From: Petr Špaček <petr.spacek@nic.cz>
Organization: CZ.NIC
Message-ID: <3eb04472-82f0-9dd9-0922-4e6cd4f825e6@nic.cz>
Date: Fri, 26 Jan 2018 17:32:33 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
MIME-Version: 1.0
In-Reply-To: <CAJE_bqdeDRmN78dE5VUYDB6y-fXfUK9gSOkjJxszcP0WjjR9dw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.99.2 at mail
X-Virus-Status: Clean
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iaA9P7IlDADtkNvm8J5apBfSeSI>
Subject: Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Jan 2018 16:32:38 -0000
On 26.1.2018 17:22, 神明達哉 wrote: > At Fri, 26 Jan 2018 12:47:29 +0100, > Petr Špaček <petr.spacek@nic.cz> wrote: > >>> I myself don't have a particular opinion on whether to send it to the >>> IESG, but I don't think it's ready for it based on my understanding of >>> the WG discussion so far. In particular, I don't think I saw a wg >>> consensus about one major objection to the idea: "I'd like to keep my >>> right of configuring my DNS servers (authoritative or recursive) to >>> return whatever I want to 'localhost' queries". Again, I personally >>> don't claim this right, but I see the concern. If my observation is >> >> Software is still free to provide knobs to deviate its behavior from >> RFC, which is nothing unusual when it comes to DNS(SEC). >> >> Is there a real problem to solve? My understanding is that this document >> is stating what software should do by default. > > Hmm, that's different from my interpretation of the draft. According > to my usual interpretation of IETF docs, I would interpret these from > Section 3: > > 3. Name resolution APIs and libraries MUST recognize localhost names > as special, and MUST always return an appropriate IP loopback > address for IPv4 and IPv6 address queries and negative responses > for all other query types. Name resolution APIs MUST NOT send > queries for localhost names to their configured recursive DNS > server(s). > > As for application software, name resolution APIs and libraries > MUST NOT use a searchlist to resolve a localhost name. > > 4. (Caching) recursive DNS servers MUST respond to queries for > localhost names with NXDOMAIN. > > 5. Authoritative DNS servers MUST respond to queries for localhost > names with NXDOMAIN. > > as these are requirements without a user-configurable knob. If the > actual intent was just to specify the default behavior with a > configurable knob, I'd expect SHOULD-variants are used in cases like > these. Oh, I can see your point. Let me rephrase what I'm trying to say: I personally agree with the doc, it makes sense to me, and I do not believe that its wording prevent anyone from adding knobs they want. Software in the end will do whatever its developers wanted, which might include knob to override any part of spec. An example: RFC 4033 clearly states what should be done if result of validation is "Bogus". Nonetheless, Unbound has "val-permissive-mode: yes" which enables admin to pass bogus answers. This is not to point finger to Unbound or anyone else! I'm just demostrating that standard can be technically right, and still there can be knobs allowing non-standard behavior. (Do not get me started about stub zones, forwarding, ... and the other half of DNS :-)) I hope it clarifies the point. -- Petr Špaček @ CZ.NIC
- [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-b… Suzanne Woolf
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Bob Harold
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Petr Špaček
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Petr Špaček
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Tony Finch
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… 神明達哉
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Darcy Kevin (FCA)
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Petr Špaček
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Lanlan Pan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Jaap Akkerhuis
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… 神明達哉
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Petr Špaček
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Petr Špaček
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… 神明達哉
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… 神明達哉
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Bob Harold
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ray Bellis
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Tony Finch
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ray Bellis
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Tony Finch
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Wes Hardaker
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Paul Vixie
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Joe Abley
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Joe Abley
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Bob Harold
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Lanlan Pan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Mark Andrews
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Matthew Kerwin
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Lanlan Pan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Lanlan Pan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Warren Kumari
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Joe Abley
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Joe Abley
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Warren Kumari
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Viktor Dukhovni
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Andrew Sullivan
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Åke Nordin
- [DNSOP] Search lists revisited (Was: WGLC for dra… Stephane Bortzmeyer
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Tony Finch
- Re: [DNSOP] Search lists revisited (Was: WGLC for… Paul Vixie
- Re: [DNSOP] Search lists revisited (Was: WGLC for… Ted Lemon
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Suzanne Woolf
- Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localho… Stephane Bortzmeyer