Re: new DNS classes

"John Levine" <> Wed, 05 July 2017 18:03 UTC

Date: 5 Jul 2017 18:03:09 -0000
Message-ID: <20170705180309.71215.qmail@ary.lan>
List-Id: IETF-Discussion <>

In article <> you write:
>As to whether a class has a parallel hierarchy or not depends on
>how we define the use of the class.

It hardly matters, because there's no practical way to bootstrap a new

If all classes have the same root, the root servers for any new class
are the same as the ICANN managed root, and short of an implausible
revolt by the root server operators (one of which is of course ICANN),
they'll have the same management issues that the IN tree does.

Or if they don't have the same root, it's just another alt root, and
we know where that leads.


PS: I would also note that several special use TLDs do things you
can't even express in the DNS.  When you resolve a .onion name,
you don't get an rrset, you get an open socket.