Re: [DNSOP] DNS names for local networks - not only home residential networks ...

Mark Andrews <marka@isc.org> Mon, 04 September 2017 08:58 UTC

To: "Walter H." <walter.h@mathemainzel.info>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
From: Mark Andrews <marka@isc.org>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.DEB.2.11.1709012044210.2676@grey.csi.cam.ac.uk> <59A9BCA2.6060008@mathemainzel.info> <20170903043202.GA18082@besserwisser.org> <59AC4E42.9080600@mathemainzel.info> <60304450-DFA3-4982-B01D-CC33C49BDCFC@isc.org> <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
In-reply-to: Your message of "Mon, 04 Sep 2017 08:12:39 +0200." <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>
Date: Mon, 04 Sep 2017 18:58:40 +1000
Message-Id: <20170904085840.890C28411BA8@rock.dv.isc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/z0YQ4L_a8EPA9qR9NUeXKrOcJGo>
Subject: Re: [DNSOP] DNS names for local networks - not only home residential networks ...

In message <59f8c88caaf82a5884aa87223d49e7e4.1504505559@squirrel.mail>, "Walter H." writes:
> On Sun, September 3, 2017 23:38, Mark Andrews wrote:
> >> On 4 Sep 2017, at 4:47 am, Walter H. <Walter.H@mathemainzel.info> wrote:
> >>
> >> even if I fully ACK this, 15 years ago nobody said that ".local",
> >> ... would conflict one day ...
> >> and also the company I work for decided at that time to use a
> >> ".local" as internal domain and AD;
> >> now it is impossible to change this ...
> >
> > Why would anyone tell you that ".local" would conflict when you were
> > supposed to register a name *before* using it?
> 
> NAK: because there are two points:
> the 1st: uniqueness is not a requirement here
> the 2nd: global knowledge of locally used names might raise a security
> problem ...

Except you miss the entire point of getting a registered name,
that is to be able to use it safely without anyone trampling on its
use.  'home.arpa' is in the process of being registered so that it
can be used safely in the environment it is designed to be used in.

Yes, 'home.arpa' will be registered.  It's a different type of
registration to the one that is normally done by talking to your
friendly DNS registrar but it is a registration.

> > If you are doing AD correctly you should be able to register your machines
> > wherever they connect to the Internet, and that requires a public registration.
> 
> you could also say that the other way round: if the folks had done their
> job correctly and made a DNS counterpart to RFC 1918, many enterprises wouldn't
> have the problems now, which are unresolvable ...

Names are not addresses.  They have different properties.
 
> by the way: why are you discussing DNSSEC for names that are used
> only locally?

I'm discussing putting names through the DNSSEC validator and
not having them fail validation.  It is also possible to use DNSSEC
within home.arpa.  It requires more care, especially if you have a
mobile device, but it is possible.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
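The validation point Mark makes above, as an added illustration that is not part of the thread and not ISC or IETF code: a toy model of how a validating resolver walks from the root trust anchor down to a name and classifies the answer. The zone-cut data is constructed, and the `insecure_overrides` parameter is a hypothetical stand-in for a resolver-local "treat this zone as unsigned" setting.

```python
# Toy model of DNSSEC chain-of-trust walking. It shows why an insecure
# delegation (NS but no DS at the parent, which is what the home.arpa
# registration provides, later specified in RFC 8375) lets unsigned local
# answers pass as "insecure", while a locally served name under a label
# the root never delegated (".local") comes out "bogus".
# Zone data below is constructed for illustration, not fetched from the DNS.

# For each signed zone, what its signed DS/NSEC data says about a label:
#   "ds"       signed delegation (child zone is expected to validate)
#   "insecure" delegation with NS but no DS (RFC 4035 s5.2: child unsigned)
#   "inzone"   ordinary data held in this zone, not a delegation
#   (absent)   NSEC proves the name does not exist under this zone
SIGNED_ZONES = {
    ".": {"arpa": "ds", "org": "ds"},        # no ".local": never delegated
    "arpa": {"home": "insecure"},            # insecure delegation of home.arpa
    "org": {"example": "ds"},
    "example.org": {"www": "inzone"},
}

def zone_cuts(name):
    """Yield (parent_zone, label, child_name) from the root downwards."""
    labels = name.rstrip(".").split(".")
    parent = "."
    for i in range(len(labels) - 1, -1, -1):
        child = ".".join(labels[i:])
        yield parent, labels[i], child
        parent = child

def validate(name, signed_ok=False, insecure_overrides=()):
    """Return 'secure', 'insecure' or 'bogus' for an answer to `name`.
    signed_ok: the answer's own RRSIGs verified against the zone's keys.
    insecure_overrides: hypothetical per-resolver list of zones the operator
    declared unsigned (the local workaround when no registration exists)."""
    for parent, label, child in zone_cuts(name):
        if child in insecure_overrides:
            return "insecure"
        # KeyError here means a "ds" child was not modelled as a signed zone
        status = SIGNED_ZONES[parent].get(label)
        if status == "insecure":
            return "insecure"          # unsigned data below here is accepted
        if status == "inzone":
            return "secure" if signed_ok else "bogus"
        if status is None:
            return "bogus"             # signed parent proves no such delegation
        # status == "ds": child zone is signed, keep walking
    return "secure" if signed_ok else "bogus"   # name is a signed zone apex
```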