Re: [DNSOP] .arpa

"John Levine" <> Thu, 23 March 2017 04:28 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5949C12943A for <>; Wed, 22 Mar 2017 21:28:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b5Q-xjwxAtVq for <>; Wed, 22 Mar 2017 21:28:05 -0700 (PDT)
Received: from ( [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CB94A12943D for <>; Wed, 22 Mar 2017 21:28:04 -0700 (PDT)
Received: (qmail 31383 invoked from network); 23 Mar 2017 04:28:03 -0000
Received: from unknown ( by with QMQP; 23 Mar 2017 04:28:03 -0000
Date: 23 Mar 2017 04:27:41 -0000
Message-ID: <20170323042741.79108.qmail@ary.lan>
From: "John Levine" <>
In-Reply-To: <>
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: 8bit
Archived-At: <>
Subject: Re: [DNSOP] .arpa
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Mar 2017 04:28:06 -0000

In article <> you write:
>IETF is making a request of ICANN.  It seems to me homenet-dot should be revised:
>* take the relevant text out of the IANA considerations section
>* add a section that
>  - motivates and explicitly defines the desired entry in the root zone
>  - suggests that a request be made directly to ICANN 
>  - explicitly points out that no process for such a request exists, and it might be necessary for IETF and ICANN to develop a mutually
>acceptable process before the request from .homenet can be considered
>  - asks for IETF advice on this plan

Don't forget

  - waits many, many years while ICANN does what ICANN does about anything new

At this point I see the only plausible options as choose .homenet and
require all validating resolvers to special-case it, or choose and put whatever DNSSEC magic we need into .arpa.

While I don't think that the technical issues are particularly complex
around changing the rules to put a .homenet stub or opt-out in the
root, I can absolutely guarantee that if ICANN considers it, there
will be a long queue of opportunists insisting that their particular
awful root hacks are just like .homenet and ICANN has to do them, too.
They are wrong, but ICANN is poorly defended against people with a
mission and a lot of free time.