Return-Path: <paul@redbarn.org>
X-Original-To: hrpc@ietfa.amsl.com
Delivered-To: hrpc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
 by ietfa.amsl.com (Postfix) with ESMTP id 6173612799B
 for <hrpc@ietfa.amsl.com>; Wed, 13 Mar 2019 22:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
 autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44])
 by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id nmEg6dPXt1UU for <hrpc@ietfa.amsl.com>;
 Wed, 13 Mar 2019 22:32:52 -0700 (PDT)
Received: from family.redbarn.org (family.redbarn.org
 [IPv6:2001:559:8000:cd::5])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by ietfa.amsl.com (Postfix) with ESMTPS id 1600012705F
 for <hrpc@irtf.org>; Wed, 13 Mar 2019 22:32:52 -0700 (PDT)
Received: from linux-9daj.localnet (vixp1.redbarn.org [24.104.150.140])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by family.redbarn.org (Postfix) with ESMTPSA id 4A608892C6;
 Thu, 14 Mar 2019 05:32:51 +0000 (UTC)
From: Paul Vixie <paul@redbarn.org>
To: Ted Lemon <mellon@fugue.com>
Cc: dnsop@ietf.org, Vittorio Bertola <vittorio.bertola@open-xchange.com>,
 doh@ietf.org, dns-privacy@ietf.org, hrpc@irtf.org
Date: Thu, 14 Mar 2019 05:32:48 +0000
Message-ID: <4425132.CsHbCTgi9Z@linux-9daj>
Organization: Vixie Freehold
In-Reply-To: <D97261BB-1D62-400F-8EBD-886B5BA586BD@fugue.com>
References: <20190311170218.o5hitvysuefhjjxk@nic.fr>
 <2044747.4WdMZHU4Qz@linux-9daj>
 <D97261BB-1D62-400F-8EBD-886B5BA586BD@fugue.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/hrpc/RDBVna9iElpo1Zx_ij_1qOrjp90>
Subject: Re: [hrpc] [DNSOP] Proposal for a side-meeting on services
 centralization at IETF 104 Prague
X-BeenThere: hrpc@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "mail@nielstenoever.net" <hrpc.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hrpc>,
 <mailto:hrpc-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hrpc/>
List-Post: <mailto:hrpc@irtf.org>
List-Help: <mailto:hrpc-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hrpc>,
 <mailto:hrpc-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 05:32:53 -0000

On Thursday, 14 March 2019 00:48:53 UTC Ted Lemon wrote:
> On Mar 12, 2019, at 2:52 PM, Paul Vixie <paul@redbarn.org> wrote:
> > please do not relegate discussions about the loss of operator control o=
ver
> > the RDNS control plane
>=20
> Although it=E2=80=99s certainly true that DNS is used as a control plane =
by many
> operators, there is no standard =E2=80=9CRDNS control plane.=E2=80=9D   .=
=2E.

i don't think lack of standardization is the same as not existing. devices=
=20
which honour the dhcp-assigned rdns service, work as expected, and as=20
intended. devices who ignore that setting and seek their own rdns by their =
own=20
internal configuration, will often not work at all.

because many of us amend our locally visible dns namespace with things like=
=20
=2Ecorp or .home or .local, it's even more vital that devices respect the r=
dns=20
assignment i make. the dns content i want to be visible on my network, have=
 to=20
be visible on my network.

because many of us won't allow pirate or malware or otherwise undesired DNS=
=20
lookups to succeed, either because we don't like the name, or we don't like=
=20
the result of the query, or we don't like some name server that would be=20
involved in resolving it. the dns content i don't want to be visible on my=
=20
network, have to not be visible on my network.

from the days before dhcp when we typed these numbers in by hand, until now=
,=20
it has always been the expectation that rdns was part-and-parcel of local=20
network service. no different in that regard from dhcp or arp, neither of=20
which is standardized under the heading, "control plane", yet, are.

so i think i'm not going to follow you down this terminological rabbit hole=
=2E=20
the reason that internet creations of yours will work better on my network =
if=20
you treat the rdns as part of my control plane is, because it's my network =
and=20
that's how i operate it. you're not welcome to bypass it, nor answer dhcp=20
requests when you're not my dhcp server, nor answer arp requests when you=20
aren't the device i assigned that address to.

you can call that tautological if you wish. but it's the life my networks=20
lead. external DoH providers are explicitly not welcome to provide service =
to=20
malware or intruders who get into my network -- because rdns is part of my=
=20
control plane, and like arp and dhcp, i control it and i monitor it, for=20
$reasons.

> The problem with the discussion we=E2=80=99ve been having about DoH and h=
ow it
> affects your =E2=80=9CRDNS control plane=E2=80=9D is that we=E2=80=99re t=
alking past each other,
> not that the discussion should be had elsewhere.   It=E2=80=99s fine for =
there to
> be a discussion, but if there is going to be a discussion, participants
> need to engage constructively, and not just fling slogans at each other.

i think i've flung considerably more than slogans, and, it's been exhaustin=
g.

vixie