draft-wkumari-dnsop-internal-00 proposes to reserve .internal for
RFC1918-like domain names. There is clearly a strong demand for that.
(There is also a strong demand for happy sex, great food, excellent
wines and diamond rings, but let's ignore it for the moment).

The document clearly documents that it will not happen, since it
requires an entire new process at ICANN.

The draft requires a delegation to AS112. Since one of the goals is to
limit leaks, I'm not sure it is a good idea. During the development
of draft-bortzmeyer-dname-root, several people noticed that, unlike
the root, the AS 112 is managed by an unbounded set of unknown
operators. Not great for privacy.

Regarding section 4 (DNSSEC), I wonder if it would be a better idea to
have a name like that in the root:

shouldnotarriveattheroot.internal. IN TXT "Check your resolvers"

This way, requests for anything.internal which leaked at the root
would receive an insecure denial of existence (since there is no DS
for .internal). Problem solved, no?

% dig @localhost -p 9053 NS printer.internal                  
...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53323
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
...
;; AUTHORITY SECTION:
intel.                  86400 IN NSEC shouldnotarriveattheroot.internal. NS DS RRSIG NSEC
intel.                  86400 IN RRSIG NSEC 13 1 86400 (
                                20171005142909 20170907142909 6172 .
                                RMtu2iXqWAO7LOuB2L/IgbfSuf3h6d7eTQdnEshw+uZT
                                WDz0HuSHUeC5YJTxPc2qwGN8xa6dmeGGLX6rTkpWaQ== )
.                       86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. (
                                2017090702 ; serial
                                1800       ; refresh (30 minutes)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
...

[Note it would not solve the ICANN problem.]

Also, it may be a good idea to add an "Internationalization
considerations" section. If people want a memorable domain name (and
not, say, the TLD .693268ed5948276cb48c3f3339ac465d, which would work
as well, it's because it is typable and rememberable), they may want
it in other languages.
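
An added example, not part of the original message: a check of which query names fall inside the gap of the NSEC record shown in the dig output, using RFC 4034 section 6.1 canonical ordering. The function names and the sample query names are constructed for illustration.

```python
# Added example: RFC 4034 section 6.1 canonical name ordering, applied to the
# single NSEC record shown in the dig output above.

NSEC_OWNER = "intel."                             # from the dig output
NSEC_NEXT = "shouldnotarriveattheroot.internal."  # from the dig output


def canonical_key(name):
    """Sort key: lowercase labels as bytes, rightmost (most significant) first."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return [l.encode("ascii") for l in reversed(labels)]


def nsec_covers(owner, next_name, qname):
    """True if qname sorts strictly between owner and next_name."""
    o, n, q = (canonical_key(x) for x in (owner, next_name, qname))
    if o < n:
        return o < q < n
    # The last NSEC of a zone points back to the apex: it covers all names after owner.
    return q > o or q < n


def classify(qnames):
    """Map each query name to whether it lies in the gap of the NSEC above."""
    return {q: nsec_covers(NSEC_OWNER, NSEC_NEXT, q) for q in qnames}


if __name__ == "__main__":
    # Constructed sample query names.
    samples = ["printer.internal.", "Corp.INTERNAL.", "zzz.internal.", "intel.", "com."]
    for name, covered in classify(samples).items():
        print(f"{name:20} {'covered' if covered else 'not covered by this NSEC'}")
```

Names under .internal that sort after shouldnotarriveattheroot (zzz.internal. here) are outside this gap and need the NSEC that follows it in the zone.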


