[DNSOP] Fwd: Status of "let localhost be localhost"?

william manning <chinese.apricot@gmail.com> Sun, 06 August 2017 00:34 UTC

Return-Path: <chinese.apricot@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02EB6124B18 for <dnsop@ietfa.amsl.com>; Sat, 5 Aug 2017 17:34:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJfYq0PwLg9t for <dnsop@ietfa.amsl.com>; Sat, 5 Aug 2017 17:34:11 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FF6A1243F6 for <dnsop@ietf.org>; Sat, 5 Aug 2017 17:34:11 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id o9so16368340iod.1 for <dnsop@ietf.org>; Sat, 05 Aug 2017 17:34:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=vxtJn5y/YcnSzLsvfXUzzdGzHxNbvsbfY5elzEHb9HI=; b=JtvHtyYuY4T/Da11FbFHd8OWsKpue2L8CFwBnWaC3RHCPcp+QXp00otfFlh9aXPjTW cZPfAhQKTAzE4gY/yV2zH7t8dLIfIilUTbYHchU9/ccN8EMnaJrFSw/Tx6vXQMN4tlMq Cm8aMF1FabVrAONoBrLRydZJgBREoc65hEDTz1wI1LdGE8Ghb0+iM4V26QbhSgbWSh5U w7meDL/39wg0SwRaFythJfb5GFlHCUOGhkZo0suX+ne9cVRU/7e+C7Zsxh/2B88oO90j aB9b1mWiG0UHhvL1HTFkX184p84aoJXDwV9l7l+TP/5twtTkfzO0Qf6tyqT18Rv5daDg 0wGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=vxtJn5y/YcnSzLsvfXUzzdGzHxNbvsbfY5elzEHb9HI=; b=WWr5htMzFwgW3PfO96kH8QG8NKbHYCJ65oTOK9HQ3ngVTbpUaCdfiVxsx9/kTj3JNB FsSskMxkW6vK3rjsRtfBDJAybVx4vSUmsgByc/8h5Y8iGda+lwE+sdg6drYM+YkM9dEX KNAY3uoMS6zUQK1IrQXzr3/ZcsaQNZ0frLAAsci+EWPVIu8OBy3YdG+0Ad2k5N2Dg5tr byS0yAnyeuK2f2jI22dyV6EA4+brADBv21EhLsv2QSLrA3xSjmFzKoTsN39NZo++VSwi DekVTgbTdP63/KzzywEiWuYPzxpPFRAuOhmldgfmERMPeBL0HRk5kU14NioBTgTy9xpd Q+fg==
X-Gm-Message-State: AHYfb5gMM5WY/k4CsHtLWtffHnPJt2lNn6F4kDSp6GJTuw1dPq/oi/WR +y2N4j387PgMvlTi3/TfR8u/0DCXnA==
X-Received: by 10.107.183.139 with SMTP id h133mr7246480iof.125.1501979650621; Sat, 05 Aug 2017 17:34:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.59.9 with HTTP; Sat, 5 Aug 2017 17:34:09 -0700 (PDT)
In-Reply-To: <CACfw2hjPN8Pz8NcEux9RzK0dvsb+JDAK4M3tg60JHqWSD86C_w@mail.gmail.com>
References: <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8A4Z1aPog@mail.gmail.com> <20170805210117.1123.qmail@ary.lan> <CACfw2hjPN8Pz8NcEux9RzK0dvsb+JDAK4M3tg60JHqWSD86C_w@mail.gmail.com>
From: william manning <chinese.apricot@gmail.com>
Date: Sat, 5 Aug 2017 17:34:09 -0700
Message-ID: <CACfw2hjG5v9tf3L3jM0yBJnEUJ11+2m+72dpxtovHTEEaSokSw@mail.gmail.com>
To: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0ba18289056e05560ae314"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mkGk1qeIlYQF3BZMkW6A9tJ7QKE>
Subject: [DNSOP] Fwd: Status of "let localhost be localhost"?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Aug 2017 00:34:14 -0000

---------- Forwarded message ----------
From: william manning <chinese.apricot@gmail.com>
Date: Sat, Aug 5, 2017 at 5:33 PM
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
To: John Levine <johnl@taugh.com>


i think the question hinges on zone completion logic and fully qualified
domain names.

when localhost appears as:

localhost   IN  AAAA   3ffe:53::53

without the trailing dot, zone completion logic should ensure that it is
NOT treated as a TLD.
whereas if I code this:

localhost.  IN AAAA  3ffe:53::53

that is a clear indication that I am running my own root zone and defining
my own view of the DNS namespace for class IN.   Shouldn't apps depend on
the DNS to serve trustworthy, correct, data?

/Wm

On Sat, Aug 5, 2017 at 2:01 PM, John Levine <johnl@taugh.com> wrote:

> In article <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8A4Z1aPog@mail.
> gmail.com> you write:
> >In the case where 'localhost' is being passed to DNS resolution software,
> a
> >validating stub (for example inside a web browser) needs a way to know
> that
> >the 'localhost' TLD should be treated as insecure.  In that case, the only
> >way to accomplish that is ...
>
>  ... by having the stub or cache treat localhost as a special case.
>
> I use unbound as my cache which as far as I know has always done that.
> Are there caches that don't?  Are there validating stubs that don't?
>
> My reading of this draft is that if you don't treat localhost as a
> special case already, it's time to get with the program.
>
> R's,
> John
>
> > with an insecure delegation at the root.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>