Re: [DNSOP] WGLC for draft-ietf-dnsop-let-localhost-be-localhost-02

Wes Hardaker <> Thu, 01 February 2018 21:51 UTC

From: Wes Hardaker <>
To: Andrew Sullivan <>
Date: Thu, 01 Feb 2018 13:50:43 -0800
In-Reply-To: <> (Andrew Sullivan's message of "Thu, 1 Feb 2018 15:48:33 -0500")

Andrew Sullivan <> writes:

> But of course, there _is_ a name "localhost" in the DNS.
> It's already defined, in the RFCs, to this effect.

You can probably have your cake and eat it too by saying "sure,
hypothetically it exists in the DNS because it's magically reserved in
an RFC; but there is no data for it so any queries for it for any type
will always return 'does not exist'".  See!  Problem solved!

Returning anything other than NXDOMAIN and NSEC* for it is crazy,
because the reality is that the name does not exist in the root zone
data (and should not exist).  Let's not start adding special exceptions.

We could do something crazy like "return NXDOMAIN" and not set the
AA bit, because the DNS is not authoritative for that domain (and
others, like .onion).  But I'm not sure that helps anyone, and it adds
unneeded complexity to an already too complex code base.

Wes Hardaker
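As an added illustration of the two responses contrasted in the message above (not code from the draft or from anyone in the thread), the snippet below builds an NXDOMAIN reply to a query for "localhost" once with the AA bit set and once with it clear, and decodes the header flags so the difference is visible on the wire. The helper names, the query id and the use of the standard library only are assumptions of this example.

```python
"""Added example: NXDOMAIN with and without the AA (Authoritative
Answer) bit, as discussed in the thread.  Query and responses are
constructed inline with the DNS wire format; nothing touches the
network.  Helper names and the query id are this example's own."""
import struct

# Header flag bits (RFC 1035 section 4.1.1 layout)
QR, AA, RD = 0x8000, 0x0400, 0x0100
RCODE_NXDOMAIN = 3


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed wire-format labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int, qid: int = 0x1234) -> bytes:
    """Minimal recursion-desired query: 12-byte header + one IN question."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_nxdomain(query: bytes, authoritative: bool) -> bytes:
    """Answer a query with RCODE=3 (NXDOMAIN), echoing its question section.

    authoritative=True sets AA, as a zone's server normally would.
    authoritative=False leaves AA clear: the variant the message floats
    for names the DNS is not authoritative for.  No RRs are attached, so
    this deliberately omits the NSEC records a signed zone would add."""
    qid, _flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    flags = QR | RCODE_NXDOMAIN
    if authoritative:
        flags |= AA
    return struct.pack("!HHHHHH", qid, flags, qdcount, 0, 0, 0) + query[12:]


def decode_flags(msg: bytes) -> dict:
    """Return the header fields a client inspects to classify the reply."""
    qid, flags = struct.unpack("!HH", msg[:4])
    return {
        "id": qid,
        "is_response": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "rcode": flags & 0x000F,
    }
```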