Re: [DNSOP] DNS names for local networks - not only home residental networks ...
Warren Kumari <warren@kumari.net> Sun, 03 September 2017 00:55 UTC
Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7822D132E17 for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 17:55:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jq2cuMucebVl for <dnsop@ietfa.amsl.com>; Sat, 2 Sep 2017 17:55:14 -0700 (PDT)
Received: from mail-wm0-x232.google.com (mail-wm0-x232.google.com [IPv6:2a00:1450:400c:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26F29132937 for <dnsop@ietf.org>; Sat, 2 Sep 2017 17:55:14 -0700 (PDT)
Received: by mail-wm0-x232.google.com with SMTP id v2so17924873wmf.0 for <dnsop@ietf.org>; Sat, 02 Sep 2017 17:55:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2znevA851ARPZCME2r4Nd+akfXj8t5z64ZNg2AaxITA=; b=hFWKdU7jtHISiZHsnP+VAiA5UsKHQdBiUM/gbwaOVVmUKE4d5/IaCQAxH3FhA6FgGG o/cFUnLclXNPQKABBvbm0RySl12oOHtfguLrMc8utz2gIX+oygzftsnJfjtDhYZDbv6J WGBgt2VfGSCBowHNibljp17Pq0oy2ScEb8dnee6VZXlHyljaIfUyL9bu8axyI0HZMelP cCqCkBcXaY58q2QmSLvmgOGtQBQIsu6kcjHa1r+gdzf2VDIPgGaXc173SRXJRDEb4zXL NsrBFm9OLq/PV6gvLm23Yq0yP6hjMIe4WxfBJAOl/yB0IA2zO14tHglH2zxLyGxfDhRa z3mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2znevA851ARPZCME2r4Nd+akfXj8t5z64ZNg2AaxITA=; b=FwkdUrLgKlhcMNqN0DiYBP6UAjUr59tOd9qB5k8FhE/j7ESaIuKfy/RguoA7uJtvQG beN0kcEsD4+tFgmiUjp6Wwcpi/IVflaN3ve5aNtPC7IjV2oCRh/Eqs6tzbnVYfQkHopK v4eYu/scva4972RKy3FXErr8t6LmVRvnVv05BZqvgbj+wGCpVO/xQS942ihwaVLBp1xX kkaWX9djSgawQ/ZNzED94AGUPL420hwT8nfbpT2uHIizJyP1Jq4FI8pEFacRT1vr8FW+ J0XAD4w97ktCOJy4n2gGNudKUsMPj5fGsAnsQe+6vus2SGXKwMA0fx3iMpiNCseal5mF MOZQ==
X-Gm-Message-State: AHPjjUhRW2iqAv7RAsdavO6+dOthnP5zrk7zMu0ZgepLtOZq6pS16Peh hRJEuTWEHqMfDvcTa9g0RcXfFufl4Vjc
X-Google-Smtp-Source: ADKCNb7t5HEisabdPd0Nm0o1yr9eqRNSxDH37VJrs4rZr8PQA7dD1O6398ETYyfvCeFdEVQIB0o/EX6BEyq4LlYPL0g=
X-Received: by 10.28.175.76 with SMTP id y73mr1665467wme.33.1504400112473; Sat, 02 Sep 2017 17:55:12 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.164.135 with HTTP; Sat, 2 Sep 2017 17:54:31 -0700 (PDT)
In-Reply-To: <8462E244-3DD1-427A-A2D0-B51CFE1601C3@gmail.com>
References: <150428805872.6417.9525310755360551475@ietfa.amsl.com> <59A9B760.2060209@mathemainzel.info> <alpine.LRH.2.21.1709011556280.12556@bofh.nohats.ca> <59A9BD75.5010408@mathemainzel.info> <alpine.LRH.2.21.1709011612470.12556@bofh.nohats.ca> <CAHw9_iKKDFj4SJtpxV=egNB0D=jkBFnQ68N5kOgUBFieexvsTA@mail.gmail.com> <8462E244-3DD1-427A-A2D0-B51CFE1601C3@gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Sat, 02 Sep 2017 20:54:31 -0400
Message-ID: <CAHw9_iJBW8FUVeT18rfxFTBYRVUCAMEyezxcGzhc4szn+Q9Z=Q@mail.gmail.com>
To: Ralph Droms <rdroms.ietf@gmail.com>
Cc: Paul Wouters <paul@nohats.ca>, "dnsop@ietf.org" <dnsop@ietf.org>, "Walter H." <Walter.H@mathemainzel.info>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/zMxgWoJMzRHeVjiKXtLbedRjmu8>
Subject: Re: [DNSOP] DNS names for local networks - not only home residental networks ...
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Sep 2017 00:55:16 -0000
On Sat, Sep 2, 2017 at 8:36 PM, Ralph Droms <rdroms.ietf@gmail.com> wrote: > > On Sep 2, 2017, at 8:29 PM, Warren Kumari <warren@kumari.net> wrote: > > On Fri, Sep 1, 2017 at 4:14 PM, Paul Wouters <paul@nohats.ca> wrote: > > On Fri, 1 Sep 2017, Walter H. wrote: > > If you are a company and you are using a hardcoded domain of "local", > then you have been and still are, completely broken. The only fix is to > rename your network. > > > ACK and which non public domain name I can use for this > that doesn't conflict now and will not conflict in the future? > > > > Something that's yours and not squatted. For example > internal.mathemainzel.info. > > Please see the last three years of dnsops and homenet working group list > archives. > > > ... perhaps the other way of looking at the last thirty three years of > DNS is that people *do* actually want something like this, and that > perhaps it is time to actually create something specifically for it. > Our smacking people on the nose with rolled up newspapers and saying > "no, bad operator" ignores the fact that people still want this, and > still do this, and there ain't nothing we can do to stop them... > > And so: https://tools.ietf.org/html/draft-wkumari-dnsop-internal-00 > > This asks for a Special Use Name, specifically for this sort of thing > (and, yes, for building test networks, and for labeling devices which > have no Internet connection, etc). The desire and need for something > like this has been identified / discussed for a long time - the most > recent was probably when we decided that .alt would only be for > non-DNS contexts, and that someone should go make something like this > for the DNS - think of it like RFC1918 for names. > It will require an unsecured delegation, for which we currently have > no process, and this (if people think it is a good idea!) will require > process to be created -- which A: will take many many years, and B: if > at least somewhat unlikely to happen -- but, if we don't at least ask, > we certainly won't get it... > > > Warren - I've only read part of your draft, and I'll comment on that part of > it... > > I was immediately struck by the parallel between <something-internal> and > home.arpa. How are the two cases different? Can you explain why this text > from section 3.2 of your doc applies to internal.arpa and not to > homenet.arpa? Honestly, not really. Well, more fully, I don't have a very concrete answer, but I *do* have a lot of handwaving if you'd like? This text made me uncomfortable when I wrote it, for a number of reasons. Firstly, I am somewhat concerned that some set of people will manage to break arpa when they put in magic for home.arpa, but I also feel that the deployments scenarios are likely to be somewhat different - for home.arpa I'm assuming that this will be added to name-server distributions, and the names that *do* exist will be automatically created, and answered from homenet devices. If there were an "internal.arpa", I'm assuming that it would be much more likely that some admin behind a keyboard will be editing zonefiles and fiddling with the config, and so more likely to break it. As I said, this is a very hand-wavey argument, fully divorced from rigor. But, whatever the case, much of the purpose of this is for internal namespaces, where users will be seeing and interacting with the names (and not using automated UIs) -- and so I think that internal.arpa fails the "does this look nice" test (which is also hand-wavey :-)) W > > It may also cause issues when server operators > override part of the .arpa domain in order to instantiate > something.arpa. > > > - Ralph > > > > > And yes, this is somewhat of a straw-man. > W > > > > Paul > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > > > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > > -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- [DNSOP] DNS names for local networks - not only h… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Paul Wouters
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Paul Wouters
- Re: [DNSOP] DNS names for local networks - not on… Warren Kumari
- Re: [DNSOP] DNS names for local networks - not on… Ralph Droms
- Re: [DNSOP] DNS names for local networks - not on… Warren Kumari
- Re: [DNSOP] DNS names for local networks - not on… Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Måns Nilsson
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNS names for local networks - not on… Paul Hoffman
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- [DNSOP] DNSSEC in local networks Jim Reid
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Jim Reid
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Måns Nilsson
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNSSEC in local networks Petr Špaček
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNSSEC in local networks Stephane Bortzmeyer
- Re: [DNSOP] DNSSEC in local networks Paul Vixie
- Re: [DNSOP] DNSSEC in local networks Tony Finch
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Michael H. Warfield
- Re: [DNSOP] DNS names for local networks - not on… Lyndon Nerenberg
- Re: [DNSOP] DNS names for local networks - not on… Mark Andrews
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNSSEC in local networks Mark Andrews
- Re: [DNSOP] DNSSEC in local networks Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Stephane Bortzmeyer
- Re: [DNSOP] DNS names for local networks - not on… Walter H.
- Re: [DNSOP] DNS names for local networks - not on… Matthew Pounsett
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Paul Vixie
- Re: [DNSOP] DNS names for local networks - not on… Andrew Sullivan
- Re: [DNSOP] DNS names for local networks - not on… Tony Finch
- Re: [DNSOP] DNSSEC in local networks Warren Kumari
- [DNSOP] Fwd: DNSSEC in local networks william manning