Re: [DNSOP] [homenet] My assessment of .homenet as described during the WG session yesterday.

Steve Crocker <steve@shinkuro.com> Thu, 30 March 2017 18:11 UTC

From: Steve Crocker <steve@shinkuro.com>
Date: Thu, 30 Mar 2017 14:11:00 -0400
Cc: "Stephen D. Crocker" <steve@shinkuro.com>, "dnsop@ietf.org WG" <dnsop@ietf.org>, Brian Dickson <brian.peter.dickson@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, Mark Townsley <mark@townsley.net>, HOMENET <homenet@ietf.org>, Terry Manderson <terry.manderson@icann.org>
To: Paul Vixie <paul@redbarn.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mHVRjb_CLFD_kK8exKAzFse7gno>

On the other hand, might there be value in seeing how much errant traffic goes to the root so it can be reported and used to inform vendors, network architects, network administrators, et al?

Given the amount of bogus traffic that already goes to the root, I’m not immediately worried this will increase the traffic level to a point of concern.

And I remain puzzled as to why a simple NXDOMAIN response from the root isn’t exactly the right thing and why it matters whether it’s signed or not.

Steve

> On Mar 30, 2017, at 2:05 PM, Paul Vixie <paul@redbarn.org> wrote:
> 
> On Thursday, March 30, 2017 5:54:50 PM GMT Brian Dickson wrote:
>> Mark,
>> 
>> When I say, "never reaches the roots", this is what I mean:
>> Resolution of "example.<homenet-label>" is, by design, intercepted by
>> homenet resolvers, and never reaches the outside world.
>> Do you concur with this statement?
>> 
>> ...
> 
> i'm not mark, but i'd like to speak on a related topic.
> 
> by design, queries that result in RFC 1918 addresses, and queries for RFC 1918 
> PTR names, were to be intercepted by local resolvers.
> 
> let me know if you can't access DNS-OARC's DITL archives, which will show you 
> how prominent both kinds of those queries loom in actual root name service load.
> 
> i predict that foo.bar.<homenetlabel> will do likewise, whatever its design. 
> this is the one saving grace in asking for a real root zone delegation: we can 
> add an NS pointing to localhost, and try to get subsequent queries to go to 
> heck rather than to the root servers.
> 
> vixie
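
Added example, not part of the original messages: one way to do the measurement suggested above, counting queries in a query log that should have been answered locally (RFC 1918 PTR names and names under the home-network label). The log format, the sample lines and the use of `homenet` as the label are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: "homenet" (from the thread subject) stands in for <homenet-label>.
LOCAL_LABELS = {"homenet"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines: timestamp, client, qname, qtype (hypothetical format).
SAMPLE_LOG = """\
2017-03-30T18:00:01Z 198.51.100.7 printer.homenet. A
2017-03-30T18:00:02Z 198.51.100.7 1.1.168.192.in-addr.arpa. PTR
2017-03-30T18:00:02Z 203.0.113.9 www.example.com. A
2017-03-30T18:00:03Z 203.0.113.9 5.0.31.172.in-addr.arpa. PTR
2017-03-30T18:00:04Z 203.0.113.9 4.4.8.8.in-addr.arpa. PTR
2017-03-30T18:00:05Z 198.51.100.7 foo.bar.HOMENET. AAAA
"""

def classify(qname, qtype):
    """Return a leak category for one query, or None if it looks legitimate."""
    labels = qname.lower().rstrip(".").split(".")
    if labels[-1] in LOCAL_LABELS:
        return "local-label"
    if qtype == "PTR" and labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2][::-1]  # reverse names list octets least-significant first
        if not (1 <= len(octets) <= 4) or not all(
                o.isascii() and o.isdigit() and int(o) < 256 for o in octets):
            return None
        # Pad partial names such as 10.in-addr.arpa to the prefix they cover.
        addr = ".".join([str(int(o)) for o in octets] + ["0"] * (4 - len(octets)))
        net = ipaddress.ip_network(f"{addr}/{8 * len(octets)}")
        if any(net.subnet_of(r) for r in RFC1918):
            return "rfc1918-ptr"
    return None

def summarize(log_text):
    """Count queries per category over a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        counts[classify(fields[2], fields[3].upper()) or "other"] += 1
    return counts

if __name__ == "__main__":
    for category, n in summarize(SAMPLE_LOG).most_common():
        print(f"{category:12} {n}")
```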