Re: [mif] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document
Mark Andrews <marka@isc.org> Sun, 23 October 2011 23:49 UTC
To: Matthew Pounsett <matt@conundrum.com>
From: Mark Andrews <marka@isc.org>
Date: Mon, 24 Oct 2011 10:49:21 +1100
Cc: "<mif@ietf.org>" <mif@ietf.org>, Keith Moore <moore@network-heretics.com>, "<dnsop@ietf.org>" <dnsop@ietf.org>, "<dnsext@ietf.org>" <dnsext@ietf.org>, "<pk@isoc.de>" <pk@isoc.de>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "<denghui02@hotmail.com>" <denghui02@hotmail.com>

In message <96472FB7-8425-4928-8F55-2ABF2CB59A93@conundrum.com>, Matthew Pounsett writes:
>
> On 2011/10/22, at 15:21, Keith Moore wrote:
>
> >
> > On Oct 22, 2011, at 2:42 PM, Doug Barton wrote:
> >
> >> 1. I think we're all in agreement that dot-terminated names (e.g.,
> >> example.) should not be subject to search lists. I personally don't have
> >> any problems with any document mentioning that this is the expected
> >> behavior.
> >
> > agree. however there are standard protocols for which a trailing dot in a
> > domain name is a syntax error.
>
> Any protocol that makes a standard FQDN a syntax error is itself in error.
> Not to say that these don't exist, but if people are writing protocols that
> can't deal with a properly formatted FQDN they need to stop. Now.

Except it isn't a standard hostname. Periods *separate* labels in
hostnames RFC 952. They DO NOT appear at the end of hostnames.

Appending a period to the end of a name is a user interface hack to
prevent searching. It is also a way to prevent the appending of
the current origin to all names in a DNS master file as the current
origin is always appended if it isn't done.

In addition single labels are not HIERARCHICAL / DOMAIN STYLE names
as envisioned when we went from a flat namespace of simple hostnames
to a hierarchical namespace. foo.bar is a hierarchical hostname.
bar is a simple hostname. Why are we trying to bring them back on
a global context?

> > Strongly disagree. That would leave users without a protocol-independent
> > way of unambiguously specifying "this is a fully-qualified domain name".
> >
> > The practice of applying search lists to names with "."s in them needs to
> > die.
>
> I can't agree with this statement. As others have said, the practice of
> using a search list to allow 'ssh foo.bar' to reach 'foo.bar.example.com'
> isn't going anywhere, and there are a lot of people that make extensive use
> of the convenience. Ask any security professional about how easy it is to
> compete with convenient access.
>
> I think we need to accept that this practice is here to stay, and figure out
> how to deal with it on those terms.

People deal with all sorts of changes. Point out the obvious security
flaws, make enough fuss, vendors have to ship with this behaviour
gone/disabled. People stop worrying about it.

> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org