[DNSOP] Re: Is .INTERNAL a special use domain name?

Philip Homburg <pch-dnsop-6@u-1.phicoh.com> Thu, 13 February 2025 20:10 UTC

Message-Id: <m1tifRx-0000NOC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
Sender: pch-b6CAFA0C7@u-1.phicoh.com
References: <3AB732CF-F095-4110-AD1A-077D77AAA05D@iana.org> <3d8096c8-bec1-4dfb-8e02-fa47278f9ede@isc.org>
In-reply-to: Your message of "Thu, 13 Feb 2025 17:27:24 +0100 ." <3d8096c8-bec1-4dfb-8e02-fa47278f9ede@isc.org>
Date: Thu, 13 Feb 2025 21:04:40 +0100
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t0YO2WhdQQ94SThsr1nIrajg7vA>

> Logic behind this proposal follows:
> 
> #1 I can't see any difference between the intended use of: 
> - 10.in-addr.arpa.
> - internal.
> 
> #2 RFC 6761 section 6.1 already established special rules for
> 10.in-addr.arpa.

The draft has the following:
The "internal" top-level domain provides this purpose in the DNS. Such
domains will not resolve in the global DNS, but can be configured within
closed networks as the network operator sees fit.

I think that is the difference between .internal and 10.in-addr.arpa. I
expect 10.in-addr.arpa. to resolve in the global DNS. RFC-1918 addresses do
leak and there is no reason to expect every piece of software to have a
filter in place to catch reverse DNS lookups for those addresses.

There seems to be an argument that for the convenience of DNSSEC, private
domains have to resolve in the global DNS. Maybe we need to actually
say that in some RFC. Or solve this issue in a different way.
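As an added example (not code from this message, the draft, or any resolver), here is the kind of resolver-side filter the message says cannot be assumed to exist: it decides whether a query name falls under the RFC 6761 section 6.1 reverse zones for RFC 1918 space or under the proposed .internal TLD, and audits a constructed set of outbound-query log lines for queries that already leaked to the global DNS. The log line format, the function names, and treating .internal as a locally served zone are assumptions.

```python
# Added example: a forwarder-side filter for locally served zones, plus an audit
# of outbound queries that should never have reached the global DNS.

# Reverse zones for RFC 1918 space listed as special-use in RFC 6761 section 6.1.
RFC1918_REVERSE_ZONES = (
    ["10.in-addr.arpa"]
    + [f"{i}.172.in-addr.arpa" for i in range(16, 32)]
    + ["168.192.in-addr.arpa"]
)
# "internal" is the TLD the draft proposes; serving it locally is an assumption here.
LOCALLY_SERVED_ZONES = RFC1918_REVERSE_ZONES + ["internal"]


def labels(name: str) -> list:
    """Split a presentation-format name into lowercase labels, dropping the root dot."""
    return [l for l in name.strip().lower().rstrip(".").split(".") if l]


def in_zone(name: str, zone: str) -> bool:
    """True if name is at or below zone, comparing on label boundaries only
    (so "notinternal." is not under "internal")."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def must_answer_locally(qname: str) -> bool:
    """The check a forwarder applies before sending a query upstream."""
    return any(in_zone(qname, zone) for zone in LOCALLY_SERVED_ZONES)


def find_leaks(log_lines: list) -> list:
    """Given 'qname qtype' lines for queries already sent upstream, return the
    (qname, qtype) pairs that should have been answered locally instead."""
    leaks = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # skip malformed lines rather than guess
        qname, qtype = parts[0], parts[1]
        if must_answer_locally(qname):
            leaks.append((qname, qtype))
    return leaks


# Constructed sample of outbound queries as a forwarder might log them.
SAMPLE_LOG = [
    "5.0.0.10.in-addr.arpa. PTR",
    "1.1.16.172.in-addr.arpa. PTR",
    "1.1.15.172.in-addr.arpa. PTR",  # 172.15/16 is not RFC 1918 space
    "printer.corp.internal. A",
    "www.example.com. A",
    "notinternal. A",                 # label boundary: not under "internal"
    "in-addr.arpa. SOA",              # above the special-use zones, not inside them
]

if __name__ == "__main__":
    for qname, qtype in find_leaks(SAMPLE_LOG):
        print(f"leaked to global DNS: {qname} {qtype}")
```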