IETF Logo Mail Archive

[DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld

Philip Homburg <pch-dnsop-6@u-1.phicoh.com> Sat, 03 May 2025 18:18 UTC

Return-Path: <pch-b6CAFA0C7@u-1.phicoh.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 9AEAC247174C for <dnsop@mail2.ietf.org>; Sat, 3 May 2025 11:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RaeC4cs28KZ1 for <dnsop@mail2.ietf.org>; Sat, 3 May 2025 11:18:54 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [45.83.6.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id E4ECC2471747 for <dnsop@ietf.org>; Sat, 3 May 2025 11:18:53 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (TLS version=TLSv1.2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305) (Smail #158) id m1uBHRs-0000LsC; Sat, 3 May 2025 20:18:52 +0200
Message-Id: <m1uBHRs-0000LsC@stereo.hq.phicoh.net>
To: dnsop@ietf.org
From: Philip Homburg <pch-dnsop-6@u-1.phicoh.com>
Sender: pch-b6CAFA0C7@u-1.phicoh.com
References: <1C9E8ABA-4399-491B-A9F4-D9ACCB1BA72C@virtualized.org> <C497EC3A-A06B-4DCC-B0C8-382A3424D7D5@strandkip.nl> <SA1PR15MB43700B9B2C9151FB31381082B3BC2@SA1PR15MB4370.namprd15.prod.outlook.com> <866409E5-0D9A-4669-8C6E-C9D1C7BDAA21@dnss.ec> <SA1PR15MB4370BAE2BD669193DDB9AE44B38D2@SA1PR15MB4370.namprd15.prod.outlook.com> <20250502171756.5AC67C762C3C@ary.qy> <SA1PR15MB43704113DF8B19A8A5A66AD6B38D2@SA1PR15MB4370.namprd15.prod.outlook.com> <4B83E121-9562-449C-A00E-2A31894ADED0@icann.org> <m1uBDWf-0000MlC@stereo.hq.phicoh.net> <9EE8E4CC-04A3-46C7-BDDF-EF538A822AA8@virtualized.org>
In-reply-to: Your message of "Sat, 03 May 2025 17:55:39 +0000 ." <9EE8E4CC-04A3-46C7-BDDF-EF538A822AA8@virtualized.org>
Date: Sat, 03 May 2025 20:18:51 +0200
Message-ID-Hash: U3D7GIIJ4MTYUXDVFNULB3AV5L76FJZH
X-Message-ID-Hash: U3D7GIIJ4MTYUXDVFNULB3AV5L76FJZH
X-MailFrom: pch-b6CAFA0C7@u-1.phicoh.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: David Conrad <drc@virtualized.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: [Ext] Re: [EXTERNAL] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yEiAk1uVCGWBC-Lbxn6Tuoe0Zac>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

> Like:
> 
> RFC 2605

Maybe 2606?

It says:

"To safely satisfy these needs, four domain names are reserved as
"listed and described below.
"
".test
".example
".invalid
".localhost
"
"".test" is recommended for use in testing of current or new DNS
"related code.
"
"".example" is recommended for use in documentation or as examples.
"
"".invalid" is intended for use in online construction of domain
"names that are sure to be invalid and which it is obvious at a
"glance are invalid.
"
"The ".localhost" TLD has traditionally been statically defined in
"host DNS implementations as having an A record pointing to the
"loop back IP address and is reserved for such use.  Any other use
"would conflict with widely deployed code which assumes this use.

None of these is supposed to be used in production use for general end-user
devices. Which the exception of localhost, which tends to be hardcoded in
stub resolvers or is taken from /etc/hosts.

> RFC 7686

.onion

This is not DNS. Nobody is supposed to run a .onion zone anywhere. So
no issue. From, a DNS point of view, this domain does not exist.

> RFC 9476 

.alt

Again, not DNS. No need to worry about DNSSEC validation because no DNS
is supposed to exist under .alt.

Can you explain how this is relevant to the .internal discussion
which is specifically reserved to be used in DNS?

> As Paul points out, this suggests a need for documentation on how
> an end-user device that happens to include a DNSSEC validator should
> behave in the face of names that do not exist for some purpose.

I'm perfectly fine with delaying the .internal draft until such a 
documentation has been created for general end-user devices.

I'm curious what it would look like. Do we expect end-users to know to
add a negative trust anchor for .internal when they arrive at work and then
remove it again when they go home?

Does this involve editing a random config file somewhere on the device?

v2.31.3 | Report a Bug | By Email | System Status