Re: [DNSOP] WG review of draft-ietf-homenet-dot-03

Philip Homburg <pch-dnsop-2@u-1.phicoh.com> Tue, 21 March 2017 13:28 UTC

Message-Id: <m1cqJq7-0000HhC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop-2@u-1.phicoh.com>
Sender: pch-bF054DD66@u-1.phicoh.com
References: <BE2A3845-D8AA-433A-9F00-1056ECFD335F@fugue.com> <21C8F856-FE3F-42A6-A8ED-888D0797B68B@vigilsec.com> <60C85486-E351-4C42-ADEB-FCBB56F4EA27@fugue.com> <AB11455F-7E43-4CB3-9F13-DB6A09F739EB@vigilsec.com> <CEC8CC6A-861A-471C-B7FA-4BB05C81CCF0@gmail.com> <F7AA49EF-2708-4948-9B60-6660DA6BC841@vigilsec.com> <734EC35A-4B1F-43EB-BE37-C34CA46BDA26@fugue.com> <203D2BEA-1008-48A0-9CE2-1FD621C6117F@shinkuro.com> <3134EDC2-FB00-41EA-8338-6E6B196137F1@fugue.com> <572B4EBA-F37F-4E92-A252-44BAF5DE7FF5@shinkuro.com> <20170321004827.GA25754@mournblade.imrryr.org>
In-reply-to: Your message of "Tue, 21 Mar 2017 00:48:27 +0000 ." <20170321004827.GA25754@mournblade.imrryr.org>
Date: Tue, 21 Mar 2017 14:28:42 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/kGS6gz9CykMu3CQqtTThVIu2aHE>
Subject: Re: [DNSOP] WG review of draft-ietf-homenet-dot-03

> FWIW, when adding DANE support to Postfix, it was plainly obvious
> that DNSSEC validation belongs in the local resolver, and Postfix
> just needs to trust its "AD" bit.  The only thing missing from the
> traditional libresolv API is some way for the application to specify
> the resolver address list from the application (as "127.0.0.1"
> and/or "::1").  Some systems have a newer stub API (res_nquery,
> ...), but this API is not yet sufficiently universal.

For me (not DANE, but SSHFP, not a lot of difference) it was very clear that
an interface like getdns is a lot better than sending DNS packets to localhost
and hoping that something will do the right thing.

Obviously, getdns could be implemented by talking to a local recursive
resolver. But that's just an implementation detail.
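Both messages above turn on the same point: the AD bit is set by the validating resolver and is unprotected on the wire, so an application may only act on it when it controls which resolver it talks to (the "127.0.0.1 and/or ::1" address-list control that the quoted text says libresolv lacks). The following is an added example, not code from the thread, from Postfix or from getdns; the function names, the loopback rule used as the trust condition, and the SSHFP response bytes are all constructed for illustration.

```python
import ipaddress
import struct

# DNS header flag bits (RFC 1035 s4.1.1; AD and CD from RFC 4035 s3.2.3).
FLAG_QR = 0x8000
FLAG_RD = 0x0100
FLAG_RA = 0x0080
FLAG_AD = 0x0020
FLAG_CD = 0x0010
RCODE_MASK = 0x000F

TYPE_SSHFP = 44
CLASS_IN = 1


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def build_query(qname, qtype, txid=0x1234):
    """Minimal stub query. RD asks for recursion; setting AD in the query
    (RFC 6840 s5.7) signals that the stub understands the AD bit."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD | FLAG_AD, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields a stub cares about."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & FLAG_QR),
        "ad": bool(flags & FLAG_AD),
        "cd": bool(flags & FLAG_CD),
        "rcode": flags & RCODE_MASK,
        "ancount": an,
    }


def ad_is_trustworthy(resolver_addr, query, response):
    """Decide whether an application may act on the AD bit.

    Nothing authenticates the AD bit between stub and resolver, so it is
    only trusted here when the resolver was reached over loopback
    (127.0.0.1 / ::1). The response must also be a reply to our query
    (QR set, matching ID) with RCODE NOERROR. (Hypothetical policy.)
    """
    if not ipaddress.ip_address(resolver_addr).is_loopback:
        return False
    q = parse_header(query)
    r = parse_header(response)
    if not r["qr"] or r["id"] != q["id"] or r["rcode"] != 0:
        return False
    return r["ad"]


def make_sample_response(query, ad, txid=0x1234):
    """Constructed sample: what a local validating resolver would return
    for an SSHFP query. Fingerprint bytes are made up."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AD if ad else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = query[12:]
    # Answer RR: name pointer to offset 12, SSHFP, IN, TTL 300, then rdata
    rdata = bytes([1, 1]) + bytes(range(20))  # alg RSA, SHA-1, dummy fp
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SSHFP, CLASS_IN, 300, len(rdata)) + rdata
    return header + question + answer


if __name__ == "__main__":
    q = build_query("host.example.", TYPE_SSHFP)
    good = make_sample_response(q, ad=True)
    bad = make_sample_response(q, ad=False)
    print(ad_is_trustworthy("127.0.0.1", q, good))   # True
    print(ad_is_trustworthy("::1", q, bad))          # False: resolver did not validate
    print(ad_is_trustworthy("192.0.2.53", q, good))  # False: remote resolver, AD unprotected
```

The check is deliberately coarse: a real stub (or a getdns-style library doing its own validation) would also verify the question section echoes the query and handle truncation and TCP fallback, but the core decision shown here is the one the thread argues about, namely that trusting AD is only sound when the resolver path is local.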