[DNSOP] Fwd: Status of "let localhost be localhost"?

william manning <chinese.apricot@gmail.com> Sun, 06 August 2017 00:34 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/mkGk1qeIlYQF3BZMkW6A9tJ7QKE>

---------- Forwarded message ----------
From: william manning <chinese.apricot@gmail.com>
Date: Sat, Aug 5, 2017 at 5:33 PM
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
To: John Levine <johnl@taugh.com>

i think the question hinges on zone completion logic and fully qualified
domain names.

when localhost appears as:

localhost   IN  AAAA   3ffe:53::53

without the trailing dot, zone completion logic should ensure that it is
NOT treated as a TLD.
whereas if I code this:

localhost.  IN AAAA  3ffe:53::53

that is a clear indication that I am running my own root zone and defining
my own view of the DNS namespace for class IN.   Shouldn't apps depend on
the DNS to serve trustworthy, correct, data?


On Sat, Aug 5, 2017 at 2:01 PM, John Levine <johnl@taugh.com> wrote:

> In article <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8A4Z1aPog@mail.gmail.com> you write:
> >In the case where 'localhost' is being passed to DNS resolution software, a
> >validating stub (for example inside a web browser) needs a way to know that
> >the 'localhost' TLD should be treated as insecure.  In that case, the only
> >way to accomplish that is ...
>  ... by having the stub or cache treat localhost as a special case.
> I use unbound as my cache which as far as I know has always done that.
> Are there caches that don't?  Are there validating stubs that don't?
> My reading of this draft is that if you don't treat localhost as a
> special case already, it's time to get with the program.
> R's,
> John
> > with an insecure delegation at the root.
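
Added example, not part of the thread or any participant's code: a small Python sketch of RFC 1035 master-file owner-name completion, showing which lines of a zone file end up defining the single-label name `localhost.` once the origin is applied. The zone text is constructed, `example.com.` is an assumed origin, and the parser assumes one record per line with no parentheses, escapes or quoted semicolons.

```python
# Constructed zone text; example.com. is an assumed origin, not from the thread.
ZONE = """\
$ORIGIN example.com.
localhost   IN  AAAA   3ffe:53::53
localhost.  IN  AAAA   3ffe:53::53
            IN  A      192.0.2.1 ; blank owner inherits the previous one
@           IN  AAAA   3ffe:53::53
$ORIGIN .
localhost   IN  AAAA   3ffe:53::53
"""

def complete(name, origin):
    """Fully qualify a master-file domain name against the current origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name                       # absolute: taken exactly as written
    # relative: the origin is appended; a root origin adds only the final dot
    return name + "." if origin == "." else name + "." + origin

def owners(zone_text, origin="."):
    """Return (line_no, owner_as_written, fqdn) for every record line."""
    out, last = [], None
    for n, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()   # naive comment strip
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = complete(fields[1], origin)
            continue
        if fields[0].startswith("$"):          # other directives carry no owner
            continue
        if line[0].isspace():                  # blank owner: inherit previous
            written, fqdn = "", last
        else:
            written, fqdn = fields[0], complete(fields[0], origin)
        last = fqdn
        out.append((n, written, fqdn))
    return out

def localhost_tld_lines(zone_text, origin="."):
    """Line numbers whose owner completes to the single-label name localhost."""
    return [n for n, _, fqdn in owners(zone_text, origin)
            if fqdn is not None and fqdn.lower() == "localhost."]

if __name__ == "__main__":
    for n, written, fqdn in owners(ZONE):
        print(n, repr(written), "->", fqdn)
    print("defines the localhost TLD on lines:", localhost_tld_lines(ZONE))
```

Under the `example.com.` origin the undotted owner completes to `localhost.example.com.`, while the dotted owner, the blank-owner line that inherits it, and the undotted owner under a root origin all complete to `localhost.`.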