Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

[神明達哉 <jinmei@wide.ad.jp>]

At Fri, 26 Jan 2018 12:47:29 +0100,
Petr Špaček <petr.spacek@nic.cz> wrote:

> > I myself don't have a particular opinion on whether to send it to the
> > IESG, but I don't think it's ready for it based on my understanding of
> > the WG discussion so far.  In particular, I don't think I saw a wg
> > consensus about one major objection to the idea: "I'd like to keep my
> > right of configuring my DNS servers (authoritative or recursive) to
> > return whatever I want to 'localhost' queries".  Again, I personally
> > don't claim this right, but I see the concern.  If my observation is
>
> Software is still free to provide knobs to deviate its behavior from
> RFC, which is nothing unusual when it comes to DNS(SEC).
>
> Is there a real problem to solve? My understanding is that this document
> is stating what software should do by default.

Hmm, that's different from my interpretation of the draft.  According
to my usual interpretation of IETF docs, I would interpret these from
Section 3:

   3.  Name resolution APIs and libraries MUST recognize localhost names
       as special, and MUST always return an appropriate IP loopback
       address for IPv4 and IPv6 address queries and negative responses
       for all other query types.  Name resolution APIs MUST NOT send
       queries for localhost names to their configured recursive DNS
       server(s).

       As for application software, name resolution APIs and libraries
       MUST NOT use a searchlist to resolve a localhost name.

   4.  (Caching) recursive DNS servers MUST respond to queries for
       localhost names with NXDOMAIN.

   5.  Authoritative DNS servers MUST respond to queries for localhost
       names with NXDOMAIN.

as these are requirements without a user-configurable knob.  If the
actual intent was just to specify the default behavior with a
configurable knob, I'd expect SHOULD-variants are used in cases like
these.

--
JINMEI, Tatuya