Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF DNS server selection document
Mark Andrews <marka@isc.org> Tue, 25 October 2011 00:09 UTC
Return-Path: <marka@isc.org>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5DFE21F8C4A; Mon, 24 Oct 2011 17:09:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.259
X-Spam-Level:
X-Spam-Status: No, score=-2.259 tagged_above=-999 required=5 tests=[AWL=-0.260, BAYES_00=-2.599, J_CHICKENPOX_51=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u6UpPCwVf8ZW; Mon, 24 Oct 2011 17:09:23 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 9C91621F8C09; Mon, 24 Oct 2011 17:09:22 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 5EFE85F984C; Tue, 25 Oct 2011 00:09:02 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:6233:4bff:fe01:7585]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 507EA216C6A; Tue, 25 Oct 2011 00:08:55 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 61F9815CE347; Tue, 25 Oct 2011 11:08:53 +1100 (EST)
To: Lawrence Conroy <lconroy@insensate.co.uk>
From: Mark Andrews <marka@isc.org>
References: <F2045A70-6314-41CF-AC3C-01F1F1ECF84C@network-heretics.com> <96472FB7-8425-4928-8F55-2ABF2CB59A93@conundrum.com> <628C128E-BDA8-46C3-BF07-364A482FE199@network-heretics.com> <20111024.080822.74700976.sthaug@nethelp.no> <59274CC1-611A-445B-A1CF-A0F49329DC1F@network-heretics.com> <E68B291B136EE9E8CFBF68F0@Ximines.local> <EEE0996F-FE4D-4ECF-A685-DD69DFCC87B9@network-heretics.com> <AFC2B32D1BE5A9E449B8D8A1@Ximines.local> <FAB38B5D-9B44-4B25-9268-9DE4A5DDC9FE@network-heretics.com> <4EA5D012.9090708@dougbarton.us> <CB52BAAF-F38F-4815-9B91-4656F1F3837F@insensate.co.uk>
In-reply-to: Your message of "Mon, 24 Oct 2011 22:34:23 BST." <CB52BAAF-F38F-4815-9B91-4656F1F3837F@insensate.co.uk>
Date: Tue, 25 Oct 2011 11:08:53 +1100
Message-Id: <20111025000853.61F9815CE347@drugs.dv.isc.org>
Cc: dnsop@ietf.org, mif@ietf.org, dnsext@ietf.org
Subject: Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF DNS server selection document
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Oct 2011 00:09:23 -0000
In message <CB52BAAF-F38F-4815-9B91-4656F1F3837F@insensate.co.uk>, Lawrence Con roy writes: > Hi there Doug, Keith, folks, > Speaking of broken mechanisms ... how many dots? > arstechnica.com is OK > co.uk is not OK > > ndots strikes me as a chocolate soldier in the fire used to warm the > chocolate teapot that is search lists. > > At best these are context dependent (and keep IT support in business). At > worst ... > one day I WILL be arrested for tazering the bean counter (why is it > always one of > those?) who insists that "intranet" is a fine web server name useful > anywhere. > > [I came damn close a few times with Yankee hotel reservations accessible > only via > 1-800 'phone numbers] > > Speaking of interoperability -- the comment "it works for everyone here" > is not > a good sign that the solution is interoperable. > > IMO, search lists and ndots are both abominations, and should not be > given the oxygen of publicity. > > all the best, > Lawrence > > > > On 24 Oct 2011, at 21:52, Doug Barton wrote: > > On 10/24/2011 05:16, Keith Moore wrote: > >> That's the point - search lists are not appropriate most of the time, > and it's very hard for software to distinguish the cases where they are > potentially appropriate from the cases when they're not, and it's not > possible for software to do this in all cases. > > > > There's been something missing from this discussion, and I finally put > > my finger on it. TMK most stub resolvers have an option similar to this > > one from ISC's: > > > > ndots:n > > sets a threshold for the number of dots which > > must appear in a name given to res_query() (see > > resolver(3)) before an initial absolute query > > will be made. The default for n is â1â, meanâ > > ing that if there are any dots in a name, the > > name will be tried first as an absolute name > > before any search list elements are appended to > > it. > > > > So it seems that this question is already a matter of local policy, > > which given the number and quality of the divergent views seems > > eminently reasonable. Can we move on now? > > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext In many cases when ndots is not 1 there are no DNS entries that will match <any-tld>.<search-list-entry>. That said the set of <any-tld> is growing so it is going to get harder and harder to ensure that this condition is being met. Walled gardens shouldn't be creating their own TLDs. ISP's, hotspots, etc. should not be search list at all. The definitely should not be relying on "label" being found on a search list. As far as I can tell there are only two places where setting search list make sense. 1. Enterprises. 2. Homes. Everywhere else you DO NOT control the machine requesting the address and setting search lists could actually result in criminal prosecution. Just because the machine requested a search list it doesn't mean that you should be supplying one. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [mif] 2nd Last Call for MIF DNS server selection … Hui Deng
- Re: [mif] 2nd Last Call for MIF DNS server select… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Ray Bellis
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- [mif] bare names (was: [dnsext] 2nd Last Call for… Andrew Sullivan
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Andrew Sullivan
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… Ted Lemon
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Margaret Wasserman
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Ted Lemon
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… teemu.savolainen
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… Ted Lemon
- Re: [mif] bare names Brian E Carpenter
- Re: [mif] [dnsext] [dhcwg] 2nd Last Call for MIF … Brian Dickson
- Re: [mif] [dnsext] bare names (was: 2nd Last Call… Mark Andrews
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… SM
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian E Carpenter
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Ray Bellis
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… David Conrad
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Mark Andrews
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian Dickson
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian E Carpenter
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Matthew Pounsett
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Donald Eastlake
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Mark Andrews
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … sthaug
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Danny Mayer
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Lawrence Conroy
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] 2nd Last Call for MIF DNS server select… teemu.savolainen