Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document

Donald Eastlake <d3e3e3@gmail.com> Mon, 24 October 2011 01:18 UTC

From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sun, 23 Oct 2011 21:18:19 -0400
Message-ID: <CAF4+nEGCHVe6PCHJ-PKckc_7p-4yxQBvcO3dQzv1DdiapTfoKg@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: "<mif@ietf.org>" <mif@ietf.org>, Keith Moore <moore@network-heretics.com>, Matthew Pounsett <matt@conundrum.com>, "<dnsop@ietf.org>" <dnsop@ietf.org>, "<dnsext@ietf.org>" <dnsext@ietf.org>, "<pk@isoc.de>" <pk@isoc.de>, "<dhcwg@ietf.org>" <dhcwg@ietf.org>, "<denghui02@hotmail.com>" <denghui02@hotmail.com>
Subject: Re: [mif] [dhcwg] [DNSOP] [dnsext] 2nd Last Call for MIF DNS server selection document

Hi,

On Sun, Oct 23, 2011 at 7:49 PM, Mark Andrews <marka@isc.org> wrote:
>
> In message <96472FB7-8425-4928-8F55-2ABF2CB59A93@conundrum.com>, Matthew Pounsett
> writes:
>>
>> On 2011/10/22, at 15:21, Keith Moore wrote:
>>
>> >
>> > On Oct 22, 2011, at 2:42 PM, Doug Barton wrote:
>> >
>> >> 1. I think we're all in agreement that dot-terminated names (e.g.,
>> >> example.) should not be subject to search lists. I personally don't have
>> >> any problems with any document mentioning that this is the expected
>> >> behavior.
>> >
>> > agree.  however there are standard protocols for which a trailing dot in a
>> > domain name is a syntax error.
>>
>> Any protocol that makes a standard FQDN a syntax error is itself in error.
>> Not to say that these don't exist, but if people are writing protocols that
>> can't deal with a properly formatted FQDN they need to stop.  Now.
>
> Except it isn't a standard hostname.  Periods *separate* labels in
> hostnames RFC 952.  They DO NOT appear at the end of hostnames.

Isn't there the root label, which is the null string, at the end
of all FQDNs, so the period at the end does separate labels?

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com

> Appending a period to the end of a name is a user interface hack to
> prevent searching.  It is also a way to prevent the appending of
> the current origin to all names in a DNS master file as the current
> origin is always appended if it isn't done.
>
> In addition single labels are not HIERARCHICAL / DOMAIN STYLE names
> as envisioned when we went from a flat namespace of simple hostnames
> to a hierarchical namespace.
>
>        foo.bar is a hierarchical hostname.
>        bar is a simple hostname.
>
> Why are we trying to bring them back on a global context?
>
>> > Strongly disagree.  That would leave users without a protocol-independent
>> > way of unambiguously specifying "this is a fully-qualified domain name".
>> >
>> > The practice of applying search lists to names with "."s in them needs to
>> > die.
>>
>> I can't agree with this statement.  As others have said, the practice of
>> using a search list to allow 'ssh foo.bar' to reach 'foo.bar.example.com'
>> isn't going anywhere, and there are a lot of people that make extensive use
>> of the convenience.  Ask any security professional about how easy it is to
>> compete with convenient access.
>>
>> I think we need to accept that this practice is here to stay, and figure out
>> how to deal with it on those terms.
>
> People deal with all sorts of changes.  Point out the obvious
> security flaws, make enough fuss, vendors have to ship with this
> behaviour gone/disabled.  People stop worrying about it.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
>
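
Added example, not part of the original message or of any participant's code: a simplified model of the `search`/`ndots` handling described in resolv.conf(5), showing which absolute names a stub resolver would try for the names discussed in the thread ('foo.bar', 'bar', and the dot-terminated form). The function names, the `example.com` search domain in the demo and the default `ndots=1` are assumptions made for the illustration.

```python
# Added illustration: simplified model of resolv.conf(5) "search"/"ndots"
# behaviour. Not taken from any resolver implementation.

def labels(name):
    """Split a name into labels; an absolute name ends with the empty root label."""
    if name == ".":
        return [""]
    return name.split(".")


def candidate_queries(name, search_list, ndots=1):
    """Return the absolute names a stub resolver would try, in order."""
    if name.endswith("."):
        # Dot-terminated: already absolute, the search list is never applied.
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{suffix.rstrip('.')}." for suffix in search_list]
    if name.count(".") >= ndots:
        # Enough dots: try the name as typed first, then fall back to the search list.
        return [absolute] + expanded
    # Too few dots: search list first, the name as typed last.
    return expanded + [absolute]


def is_ambiguous(name, search_list, ndots=1):
    """True when the answer depends on which candidate happens to resolve first."""
    return len(candidate_queries(name, search_list, ndots)) > 1


if __name__ == "__main__":
    search = ["example.com"]  # constructed sample configuration
    for typed in ("foo.bar", "bar", "foo.bar."):
        print(f"{typed!r:12} labels={labels(typed)} "
              f"queries={candidate_queries(typed, search)} "
              f"ambiguous={is_ambiguous(typed, search)}")
```

Only the dot-terminated form yields a single candidate; every other input can resolve in either the local search domain or the global namespace, depending on which zone answers.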