[DNSOP] Re: Call for Adoption: draft-davies-internal-tld

John Levine <johnl@taugh.com> Fri, 18 April 2025 20:16 UTC

Date: Fri, 18 Apr 2025 16:16:13 -0400
Message-Id: <20250418201613.D9204C53F937@ary.qy>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <83666fd3-a51f-46e1-a5ac-0b9a46361480@desec.io>
Organization: Taughannock Networks
References: <m1u5h1G-0000LcC@stereo.hq.phicoh.net> <83666fd3-a51f-46e1-a5ac-0b9a46361480@desec.io>
CC: peter@desec.io
Subject: [DNSOP] Re: Call for Adoption: draft-davies-internal-tld
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zBlouK8KRkiYjJz7d71PQkZvhbY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

It appears that Peter Thomassen <peter@desec.io> said:
>
>On 4/18/25 10:24, Philip Homburg wrote:
>> The current draft contains the following text:
>> DNSSEC validating resolvers will fail to resolve names ending in "internal".
>> 
>> In my opinion we should not have a specification that leads to DNSSEC
>> validation errors.
>
>I agree this is a problem, and therefore I'm against adopting this draft unless this problem is resolved.

If I were using .internal names, I would configure them in unbound exactly the
same way that I configure the rDNS for 192.168/16 and .onion and the other zones
it's preconfigured to serve. If you ask for DNSSEC, it says it's unsigned.

If someone is about to say "but then if I do my own DNSSEC checks in my end
device it won't work": that's true, and it won't work if you use 8.8.8.8 or DoH
to 1.1.1.1 either. If you splice local names into your local DNS cache, they
won't work if a program doesn't use that cache, and DNSSEC is the least of your
problems.

R's,
John
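
As an added illustration (not part of John's message and not taken from the
unbound project's documentation), the unbound.conf fragment below serves
"internal." the way the resolver's built-in zones (168.192.in-addr.arpa,
onion, ...) are served: answers come back as local, unsigned data, so a client
that sets DO gets an insecure answer rather than a SERVFAIL. The hostnames and
addresses are placeholders.

```conf
# Added example; names and addresses below are placeholders, not real hosts.
server:
    # Option A: answer for "internal." directly from this resolver.
    # "static" means names not listed here get NXDOMAIN from the resolver
    # itself, so nothing under "internal." is ever sent to the root servers,
    # and the answers are local data (no signatures, AD bit clear).
    local-zone: "internal." static
    local-data: "git.internal.  IN A 192.168.1.10"
    local-data: "wiki.internal. IN A 192.168.1.11"

    # Option B (use instead of A): delegate "internal." to an internal
    # authoritative server. domain-insecure tells the validator to ignore the
    # chain of trust towards "internal.", so the signed root's proof that no
    # such delegation exists does not turn every answer into a validation
    # failure; private-domain lets the answers carry RFC1918 addresses.
    # domain-insecure: "internal."
    # private-domain:  "internal."

# Option B continued: where the delegated queries go (placeholder address).
# stub-zone:
#     name: "internal."
#     stub-addr: 192.0.2.53
```

Either way, only clients that use this resolver get the names; a host that
validates for itself, or that talks straight to a public resolver, sees the
root's signed denial of "internal" and fails, which is the point John makes
above.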