Re: [mif] bare names (was: [dnsext] 2nd Last Call for MIF DNS server selection document)

Keith Moore <> Wed, 19 October 2011 14:46 UTC

From: Keith Moore <>
Date: Wed, 19 Oct 2011 10:44:40 -0400
To: Andrew Sullivan <>
List-Id: Multiple Interface Discussion List <>

On Oct 19, 2011, at 10:26 AM, Andrew Sullivan wrote:

> On Wed, Oct 19, 2011 at 09:48:23AM -0400, Keith Moore wrote:
>> I agree that search paths are somewhat broken.  What's not broken
>> is the idea of using single-label names as local names.
> [. . .]
>> split-brain DNS is an abomination that should be eradicated from the planet.
> By "local names", do you just mean "globally-accessible names that are
> of special interest to me?"

No, I'm saying that there is a need for a naming convention that allows names with local meaning (however the meaning is determined) to be distinguished from DNS names.  And longstanding practice is to use single-label names for this.

>  (If not, then unless you are arguing that
> everyone ought to be configuring /etc/hosts themselves, I don't see
> how the above two claims are consistent.  The way you get single-label
> names as local names (at least as deployed) is to use the search path
> mechanism and look things up in the "local" DNS.  By definition, that
> means that split-brain DNS is in action: the DNS namespace is not, in
> that case, global.)

There are several different mechanisms in common use by which single-label names are resolved.  DNS search path is only one such mechanism.

> In any case, we do not have the option of eradicating split-brain DNS
> any more than we can un-know how to split atoms and make bombs.  Once
> such an innovation exists, we have to figure out how to cope with it to
> the extent it can be coped with.  I too think that split-brain DNS is
> a mistake, and I think most of the things people are doing with it are
> foolish and stupid, but they are doing it.  We can either make the
> network work as well as it can in the presence of such systems, or
> live with the inventions that such innovators come up with in an
> attempt to bandage the foot they just shot. 

Sometimes the thing to do is not to try to accommodate every mistake that people make, but to clearly set a path forward that addresses people's problems in a better way.

>> and sometimes, single-label names are set up to work correctly on
>> multiple networks - the salient point being that the meaning of the
>> name might be inherently context-sensitive.
> Right, but not by virtue of it being single-label.  You can look up
> single labels in the DNS just fine.

Yes, technically speaking, the DNS protocol can be used to look up single-label names at the root.  But because single-label names existed before DNS, and also because single-label names haven't been used with DNS to date, longstanding practice is to treat single-label names differently than names with dots in them.
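
Added illustration, not part of the original message: a Python model of the resolv.conf(5) `search`/`ndots` rule, which is the search-path mechanism discussed in the thread, showing why a single-label name resolves to different fully qualified names on different networks while a dotted or absolute name does not. The function names, the `NETWORKS` table and all domains are constructed for the example.

```python
# Models how a stub resolver following resolv.conf(5) orders its queries.
# Assumption: the documented "search"/"ndots" behaviour; all data is constructed.

def candidates(name, search, ndots=1):
    """Return the ordered list of absolute names the resolver would try."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: the search path is skipped.
        return [name]
    as_is = name + "."
    expanded = [f"{name}.{domain.rstrip('.')}." for domain in search]
    if name.count(".") >= ndots:
        # Enough dots: try the name as given first, search path as fallback.
        return [as_is] + expanded
    # Too few dots (e.g. a single label): search path first, bare name last.
    return expanded + [as_is]


def is_context_sensitive(name, networks, ndots=1):
    """True if the first name tried depends on which network the host is on."""
    first_tried = {candidates(name, search, ndots)[0]
                   for search in networks.values()}
    return len(first_tried) > 1


# Constructed search lists for two networks a laptop might attach to.
NETWORKS = {
    "office": ["corp.example.com", "example.com"],
    "cafe": ["guest.example.net"],
}

if __name__ == "__main__":
    for name in ("mail", "www.example.org", "mail."):
        for net, search in NETWORKS.items():
            print(f"{name!r:20} on {net:6} -> {candidates(name, search)}")
        print(f"  context-sensitive: {is_context_sensitive(name, NETWORKS)}")
```
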