localhost is just a string, like www or mail or supralingua. A DNS operator may choose to map any given string to any given IP address. Restricting ::1 so that it never leaves the host is pretty straightforward. If I map localhost to 3ffe::53:dead:beef and NOT ::1 in my systems, why should you care? If you are concerned that completion logic is broken in resolvers and the string "localhost" is not appended to the domain, then you really are asking for the root servers to backstop the query with an entry for localhost. And for the first 20 years of the DNS, there was an entry for localhost in many of the root servers. It was phased out for several reasons; two key ones were DNSSEC and the fact that most resolvers had corrected their broken completion logic. There is no good reason to bring it back for special processing. It's just a string.
/Wm

On Tue, Aug 1, 2017 at 11:59 AM, Jacob Hoffman-Andrews <j...@eff.org> wrote:

> On 08/01/2017 03:48 AM, Mike West wrote:
> > The only open issue I know of is some discussion in the thread at
> > https://www.ietf.org/mail-archive/web/dnsop/current/msg18690.html that I
> > need help synthesizing into the draft. I don't know enough about the
> > subtleties here to have a strong opinion, and I'm happy to accept the
> > consensus of the group.
>
> Reading back through this thread, it seems like the concerns were about
> how to represent the ".localhost" TLD in the root zone, or how to use
> DNSSEC to express that the root zone will not speak for ".localhost".
> However, I think we don't need either. This draft attempts to codify the
> idea that queries for "localhost" or "foo.localhost" should never leave
> the local system, and so it doesn't matter what the root zone says about
> ".localhost".
>
> I would even take it a step further: It would be a mistake to add any
> records for ".localhost" to the root zone, because it would mask
> implementation errors. If a local resolver accidentally allows a query
> for "foo.localhost" to hit the wire, it should result in an error.
>
> IMHO, the document is good as it stands.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
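The behaviour the quoted message describes (queries for "localhost" or "foo.localhost" never leaving the local system), as an added Python example that is not part of the thread or the draft. The function names, the loopback answers and the outbound query-log format are assumptions made for illustration; the log lines are constructed.

```python
import ipaddress

# Assumption: localhost names are answered with the loopback addresses.
LOOPBACK = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))


def is_localhost_name(name):
    """True for "localhost" and any name whose last label is "localhost"."""
    if name.endswith("."):          # drop the root dot of a fully qualified name
        name = name[:-1]
    labels = name.lower().split(".")  # DNS names compare case-insensitively
    # Match on the final label only, so "localhost.example.com" and
    # "notlocalhost" are ordinary names that go upstream.
    return labels[-1] == "localhost"


def answer_locally(name):
    """Loopback addresses for localhost names; None means forward upstream."""
    return LOOPBACK if is_localhost_name(name) else None


def leaked_queries(log_lines):
    """Return localhost names found in an outbound query log.

    Assumed line format (hypothetical): "<timestamp> query <qname> <qtype>".
    Any hit means a local resolver let the query reach the wire.
    """
    leaks = []
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "query" and is_localhost_name(fields[2]):
            leaks.append(fields[2])
    return leaks


# Constructed sample of outbound queries seen at a recursive resolver.
SAMPLE_LOG = [
    "2017-08-01T12:00:01Z query www.example.com. A",
    "2017-08-01T12:00:02Z query foo.localhost. AAAA",
    "2017-08-01T12:00:03Z query localhost.example.com. A",
    "2017-08-01T12:00:04Z query LOCALHOST A",
]

if __name__ == "__main__":
    for qname in leaked_queries(SAMPLE_LOG):
        print("localhost name reached the wire:", qname)
```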