>But it's worse than that -- if your client software does DNSSEC
>validation it needs to understand that homenet is a special case and
>it's OK not to validate. This brings us to one of the knottiest parts
>of special use names, which is that they're all handled differently.
>For .onion, it's generally handled in a SOCKS proxy in the
>application, for .local it's handled by mDNS, and for .localhost it's
>special cased in the stub client library. (There are of course other
>ways one could do it, e.g., a .onion proxy on a LAN could intercept
>AAAA lookups, and return link-local addresses it serves.)

Forgot to mention: homenet is a fourth model, special cased in the cache, which is an occasional but I think infrequent alternate implementation for .localhost. There's implicitly a fifth for .example, .test, and .invalid which are expected to get a normal NXDOMAIN.

I expect when the next 6761 candidate comes along, it'll be handled in yet another grotty way. But still:

>So having said all this, I agree with Steve that an unsigned delegation
>is a bad idea, not because all unsigned delegations are necessarily
>bad, but because this one wouldn't solve enough problems to be worth
>the ugly and ambiguous precedent it'd set.

R's,
John