IETF Logo Mail Archive

Re: [DNSOP] DNSSEC in local networks

"Walter H." <walter.h@mathemainzel.info> Mon, 04 September 2017 12:54 UTC

Return-Path: <walter.h@mathemainzel.info>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93EBE13202D for <dnsop@ietfa.amsl.com>; Mon, 4 Sep 2017 05:54:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.721
X-Spam-Level:
X-Spam-Status: No, score=-2.721 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mathemainzel.info
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uxVu4Jpe9I0V for <dnsop@ietfa.amsl.com>; Mon, 4 Sep 2017 05:54:44 -0700 (PDT)
Received: from mx01lb.world4you.com (mx01lb.world4you.com [81.19.149.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEEA9126BFD for <dnsop@ietf.org>; Mon, 4 Sep 2017 05:54:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mathemainzel.info; s=dkim11; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:To:From:Subject:Date:References:In-Reply-To:Message-ID; bh=KsX1IidVlQ1iKetas43R9CHX5Cflzg7Wf1WieXylnBM=; b=weDdxm5AgFhWuE/9et/XxRaQkxzOIMM68UiI+TpcHac+9qiUOWMLIzRuJ9sscXDkQhe9q66hjSILPrvunhQTjjp367pRbHT6zIZH0T1ipIter2vH7Z5UhvqDY+UluqeIJlAzSekIXQhBavq0th0IATQo/1rGa6FByncXOVgv0AI=;
Received: from [90.146.55.206] (helo=home.mail) by mx01lb.world4you.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.84_2) (envelope-from <walter.h@mathemainzel.info>) id 1doqtk-0002s0-LO; Mon, 04 Sep 2017 14:54:40 +0200
Message-ID: <efe320cf9580d4c1bb2b26dd1c294306.1504529679@squirrel.mail>
In-Reply-To: <20170904122222.C270F8413534@rock.dv.isc.org>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail> <3B75D240-13B9-4A94-B56D-24E83B4A4A8F@rfc1035.com> <3fe7bc511a990b0288b645dc176e1ef3.1504515284@squirrel.mail> <20170904090455.4249F8411CFC@rock.dv.isc.org> <c0c73dab49c6452c616c86656704ecd0.1504518603@squirrel.mail> <20170904122222.C270F8413534@rock.dv.isc.org>
Date: Mon, 04 Sep 2017 14:54:39 +0200
From: "Walter H." <walter.h@mathemainzel.info>
To: Mark Andrews <marka@isc.org>
Cc: "Walter H." <walter.h@mathemainzel.info>, Jim Reid <jim@rfc1035.com>, dnsop WG <dnsop@ietf.org>
User-Agent: Mozilla/5.0 (UNIX; U; Cray X-MP/48; en-US; rv:2.70) Gecko/20110929 Communicator/7.20
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-SA-Do-Not-Run: Yes
X-AV-Do-Run: Yes
X-SA-Exim-Connect-IP: 90.146.55.206
X-SA-Exim-Mail-From: walter.h@mathemainzel.info
X-SA-Exim-Scanned: No (on mx01lb.world4you.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/rTQu74A-L9UdHjrgwKaPd3BRWzw>
Subject: Re: [DNSOP] DNSSEC in local networks
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Sep 2017 12:54:46 -0000

On Mon, September 4, 2017 14:22, Mark Andrews wrote:
>
> In message <c0c73dab49c6452c616c86656704ecd0.1504518603@squirrel.mail>,
> "Walter H." writes:
>> where there anyone who said: "don't use it", 15 years ago?
>
> Yes.  There were lots that discourage the use of .local, lan,
> .corp etc.  Just becaue you didn't hear from them doesn't mean
> they weren't out there.

a discourage is not a "don't use" :-)

>> > 'home.arpa' is in the process of being registered so that it
>> > can be used safely in the environment it is designed to be used in.
>>
>> yes, but commonly for residental networks, not company/enterprise
>> networks,
>> they want/need something shorter like ".corp", ".lan", ".local", ...
>
> Want maybe, need absolutely not.
question: why isn't this the answer of a car dealer?

> Everyone was told to register the domain you want to use, there was
> no exception for active directory.

not really, at those days only a few TLDs where possible, the many TLDs
came some years later ...

by the way: where is the problem with .home or .corp?
I ask this, because at my hoster I pre-reserved my "local domain" - a
.home, that I have used for many years several zears ago and nothing
happened ...

> IPv6 would have been deployed a lot sooner. :-)

not really, my ISP is still IPv4 only ..., my IPv6 connectivity is a
HE-tunnel ...
and the brand new OS from Microsoft still has the bugs inside: TEREDO, ...
which I had to deactivate first, before it is usable with IPv6 at all ...

> Except such systems exist.  Go look at what a Mac does.  ping for
> test.local and look and port 5353 traffic and compare it to port 53
> traffic.

I know, this RFC was written by Apple;

no Apple no problem, I would say :-)

v2.23.0 | Report a Bug | By Email