Re: [mif] bare names (was: [dnsext] 2nd Last Call for MIF DNS server selection document)

[Keith Moore <moore@network-heretics.com>]

On Oct 19, 2011, at 9:26 AM, Andrew Sullivan wrote:

> Note: I trimmed the cc:s down to just the lists, but if we're going to
> pursue this dicussion we probably ought to follow up in mif, since
> that's where the draft comes from.  That's why I set reply-to.  Also,
> I sent this first from the wrong address, so apologies to those who
> see it twice.
> 
> On Wed, Oct 19, 2011 at 07:23:15AM -0400, Keith Moore wrote:
> 
>> I don't see why IETF should give a flying *#&(*#$ what the owners of
>> brand-name gTLDs want.  Brand-name gTLDs are an exceedingly stupid
>> idea, and treating single label names as anything other than local
>> abbreviations flies in the face of 25+ years of practice.
> 
> If you said, "25+ years of practice illustrating how broken the
> search-path mechanism is," I'd agree with you.

I agree that search paths are somewhat broken.   What's not broken is the idea of using single-label names as local names.  

> I think it is largely true that single-label domain names are going to
> fail to work in all sorts of amusing ways that will surprise gullible
> people who forked over a pile of cash for the privilege of registering
> them.  Nevertheless, the search path mechanism has never worked very
> well and is notoriously unreliable in the face of split-brain DNS.

split-brain DNS is an abomination that should be eradicated from the planet.

> Still, too many people continue to rely on the search path for this
> document to be the place to deprecate it.  But I agree with Ray (and
> apparently Paul Vixie) that the mechanism ought to go away.

I don't think it should necessarily go away.  But perhaps it needs to be better defined, and/or more advice needs to be given to applications about how to deal with single-label names.

> Now that Ray has mentioned it, however, perhaps a sentence along these
> lines in the second paragraph of 4.6 would be useful:
> 
>    It should be noted that the DNS search list mechanism may cause
>    surprising results when used with more than one network at a time.
> 
> That addresses the other point that Ray was making: search list-style
> bare names are often broken if you're not on the right network, and
> the point of this draft is precisely that you're _not_ on only one
> network, so it isn't clear what "the right network" is.

and sometimes, single-label names are set up to work correctly on multiple networks - the salient point being that the meaning of the name might be inherently context-sensitive.

>> The best thing that IETF could do is to make sure that use of
>> single-label gTLDs is so unreliable that no megacorporation would
>> dare use them.
> 
> And clearly that will work, because the IETF has a long record of
> success of standing before the tide and telling it to stop.

this isn't a tide.  this is a small number of parties bent on abuse of the Internet.  they deserve to fail.

Keith