Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document
Alex Bligh <alex@alex.org.uk> Mon, 24 October 2011 11:55 UTC
Return-Path: <alex@alex.org.uk>
X-Original-To: mif@ietfa.amsl.com
Delivered-To: mif@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B590921F87D3; Mon, 24 Oct 2011 04:55:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.299
X-Spam-Level:
X-Spam-Status: No, score=-2.299 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, J_CHICKENPOX_33=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 95J0Z4Do5UMZ; Mon, 24 Oct 2011 04:55:47 -0700 (PDT)
Received: from mail.avalus.com (mail.avalus.com [IPv6:2001:41c8:10:1dd::10]) by ietfa.amsl.com (Postfix) with ESMTP id C771521F8C60; Mon, 24 Oct 2011 04:55:33 -0700 (PDT)
Received: from [192.168.100.15] (87-194-71-186.bethere.co.uk [87.194.71.186]) by mail.avalus.com (Postfix) with ESMTPSA id 3D8D8C560FA; Mon, 24 Oct 2011 12:55:30 +0100 (BST)
Date: Mon, 24 Oct 2011 12:55:29 +0100
From: Alex Bligh <alex@alex.org.uk>
To: Keith Moore <moore@network-heretics.com>
Message-ID: <AFC2B32D1BE5A9E449B8D8A1@Ximines.local>
In-Reply-To: <EEE0996F-FE4D-4ECF-A685-DD69DFCC87B9@network-heretics.com>
References: <F2045A70-6314-41CF-AC3C-01F1F1ECF84C@network-heretics.com> <96472FB7-8425-4928-8F55-2ABF2CB59A93@conundrum.com> <628C128E-BDA8-46C3-BF07-364A482FE199@network-heretics.com> <20111024.080822.74700976.sthaug@nethelp.no> <59274CC1-611A-445B-A1CF-A0F49329DC1F@network-heretics.com> <E68B291B136EE9E8CFBF68F0@Ximines.local> <EEE0996F-FE4D-4ECF-A685-DD69DFCC87B9@network-heretics.com>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Mailman-Approved-At: Mon, 24 Oct 2011 04:58:39 -0700
Cc: mif@ietf.org, matt@conundrum.com, dnsop@ietf.org, dnsext@ietf.org, pk@isoc.de, Alex Bligh <alex@alex.org.uk>, dhcwg@ietf.org, denghui02@hotmail.com
Subject: Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document
X-BeenThere: mif@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Alex Bligh <alex@alex.org.uk>
List-Id: Multiple Interface Discussion List <mif.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mif>, <mailto:mif-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mif>
List-Post: <mailto:mif@ietf.org>
List-Help: <mailto:mif-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mif>, <mailto:mif-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 11:55:48 -0000
--On 24 October 2011 07:29:55 -0400 Keith Moore <moore@network-heretics.com> wrote: >>> I'm just pointing out that for the vast majority of the contexts in >>> which domain names are used, the expectation is that a domain name that >>> contains a "." is fully-qualified. >> >> This is sampling bias. > > No, I don't think so. The vast majority of contexts where domain names > are used, are contexts in which the domain is supplied by one party and > (at least potentially) used by another party. Email addresses, URLs, > domain names written on advertisements and business cards, etc. Of course, but that explicitly excludes every case where a search list is useful. That's why I'm saying you have to look at the cases were a search list is used. In large organisations "domain names" (used loosely) can have dots in and be expected to have search list items appended. Given search list use is rare, it's obviously going to be rare to have them with dots. >> The question here should be "where search lists are used, are >> they frequently used in combination with domain names that >> are not fully qualified". I would suggest the answer to this >> question is "yes". > > That's not a useful way to phrase the question, because there's no way > for software to know whether or not the user intends that a name > containing "." is fully-qualified. You are begging the question. Of course the name "foo.bar" is ambiguous. That's precisely /why/ there is a search list, so foo.bar is only looked up if foo.bar.example.com (or whatever) does not exist. The existence of the "if" step means that the software cannot know what the domain means (in the sense of what it will ultimately resolve to) without doing a lookup. >> If so, then to the extent that search lists >> are supported, you need to make them interwork names with >> dots in them. Moreover, with a search list of "example.com", >> having "mail" work, but not "mail.dev" is going to be a >> pretty surprising outcome. > > It will be surprising to that relatively small portion of users that > relies on search lists being applied to multi-label names. But overall, > having a clear, visible distinction between names for which searching is > potentially applied (i.e. bare or single-label names), and names for > which searching is not applied (multi-label names) results in less > surprising behavior for everyone. I do not think you have established that a relatively small number of users of search lists use multi-label names. I suspect that is not true. >> I think the two options are either deprecating search lists >> (or not supporting them), or supporting them properly, in >> which case they must be used whatever domain name is >> specified, and the way to avoid using a search list >> is the same old hack as before (i.e. putting a dot on the >> end). > > Supporting search lists "properly" is NOT using them whenever a domain > name is specified. That makes all domain names context-sensitive, and > breaks every application that uses domain names supplied by other parties > or in other contexts. I don't have RFC references to hand, but precisely for the reasons you have set out above, I do not believe there is anything within them that search lists should only be used if "a domain name is specified", precisely because it's impossible to tell whether a string with dots in it is "a domain name", or merely something to go on the front of search lists. What you are, I think, saying, is that you want to change the behaviour of search lists so they only work with single labels. What I'm saying is that there are likely to be a significant number of users of search lists who are affected by that, as they currently pass things with dots in them. A completely unscientific analysis I know, but every internet company I have worked with since we moved out of uucp naming has done this, and not because I have told them to. Even current 20 person software house does this. So, if you are going to substantially break search lists (which is not inherently a bad idea - they have caused all sorts of trouble in times past), you might as well just deprecate them or not support them. -- Alex Bligh
- [mif] 2nd Last Call for MIF DNS server selection … Hui Deng
- Re: [mif] 2nd Last Call for MIF DNS server select… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Ray Bellis
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- [mif] bare names (was: [dnsext] 2nd Last Call for… Andrew Sullivan
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Andrew Sullivan
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… Ted Lemon
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Margaret Wasserman
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Ted Lemon
- Re: [mif] bare names (was: [dnsext] 2nd Last Call… Keith Moore
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… teemu.savolainen
- Re: [mif] [dhcwg] 2nd Last Call for MIF DNS serve… Ted Lemon
- Re: [mif] bare names Brian E Carpenter
- Re: [mif] [dnsext] [dhcwg] 2nd Last Call for MIF … Brian Dickson
- Re: [mif] [dnsext] bare names (was: 2nd Last Call… Mark Andrews
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… SM
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian E Carpenter
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Ray Bellis
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… David Conrad
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Mark Andrews
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … sthaug
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian Dickson
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… teemu.savolainen
- Re: [mif] [dnsext] 2nd Last Call for MIF DNS serv… Brian E Carpenter
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Matthew Pounsett
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Donald Eastlake
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Mark Andrews
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Alex Bligh
- Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Keith Moore
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Mark Andrews
- Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call … Danny Mayer
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Lawrence Conroy
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dhcwg] [dnsext] [DNSOP] 2nd Last Call … Jeffrey Hutzelman
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Ted Lemon
- Re: [mif] [dnsext] [DNSOP] 2nd Last Call for MIF … Doug Barton
- Re: [mif] 2nd Last Call for MIF DNS server select… teemu.savolainen