In message <[email protected]>, "John Levine" writes:
> >After adding localhost to the root zone, the only thing that would change
> >is that asking the root zone for <blah>.localhost now results in
> >localhost. 86400 IN NSEC locker. A AAAA
> >localhost. 86400 IN RRSIG NSEC 8 1 86400 [...]
> >
> >Which still proves that <blah>.localhost doesn't exist.
> >
> >I'd say, no difference for that use case.
>
> Right. That's why it'd need NSEC3 and opt-out.
>
> >>Putting A and AAAA records in the root is another thing that is
> >>technically simple but would require a rule change at IANA, and I don't
> >>think it's worth the hassle.
> >
> >Does the MoU between the IETF and ICANN really say no A records in the root
> >zone? Or is there another policy document between IETF and IANA?
>
> IANA has a whole bunch of policies about the management of the root
> that do not contemplate anything other than delegations and glue in
> the root zone. As I said, it wouldn't be impossible to change, but it
> would be a lot of work. It is my impression that just about
> everyone's DNS resolvers already have a special case for plain
> "localhost" so there is little point.
>
> Start here: https://www.iana.org/domains/root
>
> R's,
> John

Adding A and AAAA for localhost is not the correct solution. Whether
there should be an A or AAAA or both or none is the local machine's
decision, not IANA's. It's IANA's job to pass control of the namespace
to the local machine. We do this in the DNS by adding a delegation.
That delegation also needs to be insecure.

        localhost. NS a.root-servers.net.
        localhost. NS b.root-servers.net.
        localhost. NS c.root-servers.net.
        ...
        localhost. NS m.root-servers.net.
        localhost NSEC locker. NS
        localhost. RRSIG NSEC 8 1 86400 [...]

and the root servers also have an "empty" zone for localhost with the
above set of NS records in it.

Mark

> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [email protected]
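
An added example (not from either message in this thread) of how a validator reads the two NSEC records quoted above: with the "A AAAA" bitmap the record proves <blah>.localhost does not exist, while with the "NS" bitmap and no DS it marks an insecure delegation. The function names and result labels are assumptions made for illustration, and the closest-encloser and wildcard checks a full validator also performs are left out.

```python
def canon_key(name):
    """Sort key for RFC 4034 canonical ordering: lowercase labels, rightmost first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [l.encode("ascii") for l in reversed(labels)]


def is_subdomain(name, ancestor):
    """True when name sits strictly below ancestor in the tree."""
    n, a = canon_key(name), canon_key(ancestor)
    return len(n) > len(a) and n[:len(a)] == a


def classify(qname, owner, next_name, types):
    """What one NSEC (owner, next_name, type bitmap) lets a validator conclude about qname.

    Result labels are hypothetical, chosen for this example.
    """
    types = set(types)
    q, o, n = canon_key(qname), canon_key(owner), canon_key(next_name)
    if q == o:
        return "exists"
    if is_subdomain(qname, owner) and "NS" in types and "SOA" not in types:
        # NSEC from the parent side of a zone cut: it must not be used to
        # deny names below the cut. A missing DS bit means the child zone
        # is unsigned, so answers below it are insecure rather than bogus.
        return "signed-delegation" if "DS" in types else "insecure-delegation"
    # Ordinary cover test; the last NSEC in a zone wraps back to the apex.
    covered = (o < q < n) if o < n else (q > o or q < n)
    return "nxdomain" if covered else "not-covered"


if __name__ == "__main__":
    # Records as quoted in the thread (constructed input, signatures omitted).
    for bitmap in (["A", "AAAA"], ["NS"]):
        print(bitmap, classify("blah.localhost.", "localhost.", "locker.", bitmap))
```
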
