IETF Logo Mail Archive

Re: [DNSOP] DNS names for local networks - not only home residental networks ...

Warren Kumari <warren@kumari.net> Sun, 03 September 2017 00:55 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7822D132E17 for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 17:55:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jq2cuMucebVl for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 17:55:14 -0700 (PDT)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26F29132937 for <dnsop@ietf.org>; Sat, 2 Sep 2017 17:55:14 -0700 (PDT)
Received: by mail-wm0-x232.google.com with SMTP id v2so17924873wmf.0 for <dnsop@ietf.org>; Sat, 02 Sep 2017 17:55:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2znevA851ARPZCME2r4Nd+akfXj8t5z64ZNg2AaxITA=; b=hFWKdU7jtHISiZHsnP+VAiA5UsKHQdBiUM/gbwaOVVmUKE4d5/IaCQAxH3FhA6FgGG o/cFUnLclXNPQKABBvbm0RySl12oOHtfguLrMc8utz2gIX+oygzftsnJfjtDhYZDbv6J WGBgt2VfGSCBowHNibljp17Pq0oy2ScEb8dnee6VZXlHyljaIfUyL9bu8axyI0HZMelP cCqCkBcXaY58q2QmSLvmgOGtQBQIsu6kcjHa1r+gdzf2VDIPgGaXc173SRXJRDEb4zXL NsrBFm9OLq/PV6gvLm23Yq0yP6hjMIe4WxfBJAOl/yB0IA2zO14tHglH2zxLyGxfDhRa z3mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2znevA851ARPZCME2r4Nd+akfXj8t5z64ZNg2AaxITA=; b=FwkdUrLgKlhcMNqN0DiYBP6UAjUr59tOd9qB5k8FhE/j7ESaIuKfy/RguoA7uJtvQG beN0kcEsD4+tFgmiUjp6Wwcpi/IVflaN3ve5aNtPC7IjV2oCRh/Eqs6tzbnVYfQkHopK v4eYu/scva4972RKy3FXErr8t6LmVRvnVv05BZqvgbj+wGCpVO/xQS942ihwaVLBp1xX kkaWX9djSgawQ/ZNzED94AGUPL420hwT8nfbpT2uHIizJyP1Jq4FI8pEFacRT1vr8FW+ J0XAD4w97ktCOJy4n2gGNudKUsMPj5fGsAnsQe+6vus2SGXKwMA0fx3iMpiNCseal5mF MOZQ==
X-Gm-Message-State: AHPjjUhRW2iqAv7RAsdavO6+dOthnP5zrk7zMu0ZgepLtOZq6pS16Peh hRJEuTWEHqMfDvcTa9g0RcXfFufl4Vjc
X-Google-Smtp-Source: ADKCNb7t5HEisabdPd0Nm0o1yr9eqRNSxDH37VJrs4rZr8PQA7dD1O6398ETYyfvCeFdEVQIB0o/EX6BEyq4LlYPL0g=
X-Received: by 10.28.175.76 with SMTP id y73mr1665467wme.33.1504400112473; Sat, 02 Sep 2017 17:55:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.164.135 with HTTP; Sat, 2 Sep 2017 17:54:31 -0700 (PDT)
In-Reply-To: <8462E244-3DD1-427A-A2D0-B51CFE1601C3@gmail.com>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.LRH.2.21.1709011556280.12556@bofh.nohats.ca> <59A9BD75.5010408@mathemainzel.info> <alpine.LRH.2.21.1709011612470.12556@bofh.nohats.ca> <CAHw9_iKKDFj4SJtpxV=egNB0D=jkBFnQ68N5kOgUBFieexvsTA@mail.gmail.com> <8462E244-3DD1-427A-A2D0-B51CFE1601C3@gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Sat, 02 Sep 2017 20:54:31 -0400
Message-ID: <CAHw9_iJBW8FUVeT18rfxFTBYRVUCAMEyezxcGzhc4szn+Q9Z=Q@mail.gmail.com>
To: Ralph Droms <rdroms.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, "dnsop@ietf.org" <dnsop@ietf.org>, "Walter H." <Walter.H@mathemainzel.info>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zMxgWoJMzRHeVjiKXtLbedRjmu8>
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Sep 2017 00:55:16 -0000

On Sat, Sep 2, 2017 at 8:36 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote:
>
> On Sep 2, 2017, at 8:29 PM, Warren Kumari <warren@kumari.net> wrote:
>
> On Fri, Sep 1, 2017 at 4:14 PM, Paul Wouters <paul@nohats.ca> wrote:
>
> On Fri, 1 Sep 2017, Walter H. wrote:
>
> If you are a company and you are using a hardcoded domain of "local",
> then you have been and still are, completely broken. The only fix is to
> rename your network.
>
>
> ACK and which non public domain name I can use for this
>  that doesn't conflict now and will not conflict in the future?
>
>
>
> Something that's yours and not squatted. For example
> internal.mathemainzel.info.
>
> Please see the last three years of dnsops and homenet working group list
> archives.
>
>
> ... perhaps the other way of looking at the last thirty three years of
> DNS is that people *do* actually want something like this, and that
> perhaps it is time to actually create something specifically for it.
> Our smacking people on the nose with rolled up newspapers and saying
> "no, bad operator" ignores the fact that people still want this, and
> still do this, and there ain't nothing we can do to stop them...
>
> And so: https://tools.ietf.org/html/draft-wkumari-dnsop-internal-00
>
> This asks for a Special Use Name, specifically for this sort of thing
> (and, yes, for building test networks, and for labeling devices which
> have no Internet connection, etc). The desire and need for something
> like this has been identified / discussed for a long time - the most
> recent was probably when we decided that .alt would only be for
> non-DNS contexts, and that someone should go make something like this
> for the DNS - think of it like RFC1918 for names.
> It will require an unsecured delegation, for which we currently have
> no process, and this (if people think it is a good idea!) will require
> process to be created -- which A: will take many many years, and B: if
> at least somewhat unlikely to happen -- but, if we don't at least ask,
> we certainly won't get it...
>
>
> Warren - I've only read part of your draft, and I'll comment on that part of
> it...
>
> I was immediately struck by the parallel between <something-internal> and
> home.arpa.  How are the two cases different?  Can you explain why this text
> from section 3.2 of your doc applies to internal.arpa and not to
> homenet.arpa?

Honestly, not really. Well, more fully, I don't have a very concrete
answer, but I *do* have a lot of handwaving if you'd like?

This text made me uncomfortable when I wrote it, for a number of
reasons. Firstly, I am somewhat concerned that some set of people will
manage to break arpa when they put in magic for home.arpa, but I also
feel that the deployments scenarios are likely to be somewhat
different - for home.arpa I'm assuming that this will be added to
name-server distributions, and the names that *do* exist will be
automatically created, and answered from homenet devices. If there
were an "internal.arpa", I'm assuming that it would be much more
likely that some admin behind a keyboard will be editing zonefiles and
fiddling with the config, and so more likely to break it.

As I said, this is a very hand-wavey argument, fully divorced from
rigor. But, whatever the case, much of the purpose of this is for
internal namespaces, where users will be seeing and interacting with
the names (and not using automated UIs) -- and so I think that
internal.arpa fails the "does this look nice" test (which is also
hand-wavey :-))

W



>
>    It may also cause issues when server operators
>    override part of the .arpa domain in order to instantiate
>    something.arpa.
>


>
> - Ralph
>
>
>
>
> And yes, this is somewhat of a straw-man.
> W
>
>
>
> Paul
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>
>
>
> --
> I don't think the execution is relevant when it was obviously a bad
> idea in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair
> of pants.
>   ---maf
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

v2.14.0 | Report a Bug | By Email