ietf

Re: I-D Action: draft-west-let-localhost-be-localhost-00.txt

2016-09-27 17:14:29

In message <alpine.OSX.2.11.1609271717330.72382@ary.qy>, "John R Levine" writes:
> > I'm probably not explaining myself well so I'll give an example. In the
> > setup above, let's say you've set 127.0.1.1 to be your local DNS server,
> > meaning that you might expect the following commands to work:
> >
> >   $ dig mysite.localhost
> >   mysite.localhost IN A 127.0.0.1
> >
> >   $ dig myothersite.localhost
> >   myothersite.localhost IN A 127.200.200.200
> >
> > But, under this proposal wouldn't dig be obliged to refuse to forward the
> > request onto 127.0.1.1? How does dig (or your browser or any other
> > resolving API) know the difference between a bog standard caching DNS
> > server and a local DNS server that has explicitly been set up to route
> > local lookups?

> I don't see why.  You're allowed to use common sense when interpreting
> RFCs, and the message here is clearly that if you want to interoperate you
> do not send queries for *.localhost out of your computer. The twisty way
> my or your internal DNS setup works is out of scope.
>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly

Well we really should ensure that there is a break in the DNSSEC
chain of trust between the root zone and the localhost zone.

i.e. an insecure delegation for localhost gets added to the root
zone pointing back to the root servers or another set of servers.

At least this is only changing how localhost is handled in the
special names registry rather than attempting to add it.

http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml

I would just be asking for IANA to be creating the delegation
described above and for DNS recursive server vendors to be adding
a default localhost zone with SOA, NS, A and AAAA records at the
zone apex if none is otherwise configured in a manner similar to
RFC 6303.

The following will be consistent with RFC 6303.

localhost. 0 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
localhost. 0 IN NS localhost.
localhost. 0 IN A 127.0.0.1
localhost. 0 IN AAAA ::1

One could also just do an "empty" zone.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
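As an added illustration (not code from the thread, the draft, or ISC) of the rule John states above, here is a stub-resolver wrapper that answers "localhost" and every name under it from loopback and only hands other names to a caller-supplied upstream; the function and class names are hypothetical, and the upstream is a constructed recorder used to prove no localhost query leaves the host.

```python
# Added example, not part of the original thread. Implements the draft's rule:
# names ending in the label "localhost" are answered locally with loopback
# addresses and are never forwarded to any upstream resolver.

LOOPBACK = {"A": "127.0.0.1", "AAAA": "::1"}


def is_localhost_name(name: str) -> bool:
    """True for 'localhost' or any name whose final label is 'localhost'.

    Handles a trailing dot and mixed case; 'localhost.example' and
    'notlocalhost' are ordinary names and must NOT match.
    """
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"


def resolve(name: str, rrtype: str, upstream):
    """Return a list of addresses for name/rrtype.

    Localhost names are answered from LOOPBACK without touching upstream;
    other record types under localhost get an empty answer rather than a
    leaked query. Everything else goes to upstream(name, rrtype).
    """
    rrtype = rrtype.upper()
    if is_localhost_name(name):
        return [LOOPBACK[rrtype]] if rrtype in LOOPBACK else []
    return upstream(name, rrtype)


class LeakDetector:
    """Constructed stand-in for an upstream resolver (hypothetical helper).

    Records every query it receives so a caller can verify that queries for
    localhost names never reach it. Non-localhost A queries get a TEST-NET-1
    placeholder address.
    """

    def __init__(self):
        self.queries = []

    def __call__(self, name, rrtype):
        self.queries.append((name, rrtype))
        return ["192.0.2.1"] if rrtype == "A" else []


if __name__ == "__main__":
    up = LeakDetector()
    for n in ["localhost", "mysite.localhost.", "MyOtherSite.LOCALHOST",
              "localhost.example", "notlocalhost"]:
        print(f"{n:24} A -> {resolve(n, 'A', up)}")
    print("upstream saw:", up.queries)  # only the two non-localhost names
```

Note that this follows the draft rather than the split-horizon setup in the quoted question: every localhost name maps to 127.0.0.1 / ::1, never to an address learned from a local DNS server.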