In message <capt1n1kknru+mf-jvti_cks25+7g5bfh8yko53-vkgzqvre...@mail.gmail.com> , Ted Lemon writes: > The discussion had covered the failure mode problem. There is substantial > agreement that it's better for a stub that issues a query for localhost to > fail than to succeed. You seem to disagree.
There are lots of people that don't want to deal with ICANN politics and that is clouding their technical judgements. > You haven't stated a reason for disagreeingâinstead you've vigorously > asserted that this is true. It's fine for you to do this, but if you were > to get your way, that would be exactly the bad outcome I want to avoid. So you want to break EVERY protocol that uses SRV to localhost. I stated clearly that there is stuff that you can do with DNS that you can't do with /etc/hosts, NIS, etc. One shouldn't have to itemise everything that will be broken because full functionality is not being provided. > So if there really is a problem here, it would be good for you to make it > clear. Your stated desire to preserve flexibility makes sense to me, but it > doesn't contradict the reason already given for *not *providing that > flexibility. > > Is there some *other* reason why this is important to you, or is that it? > > On Sep 7, 2017 8:06 PM, "Mark Andrews" <ma...@isc.org> wrote: > > > > > In message <bfaecdaf-8f4b-4c8d-ab7e-1615bd54e...@fugue.com>, Ted Lemon > > writes: > > > > > > On Sep 7, 2017, at 12:59 AM, Mark Andrews <ma...@isc.org> wrote: > > > > I shouldn't BE FORCED to hard code special LOCALHOST rules into DNS > > > > tools. Lookups should "just work" like they did before the root > > > > zone was signed. > > > > > > Because...? > > > > Because there are things you can do with localhost as a DNS zone > > that you can't do with /etc/hosts, NIS, etc. as they are limited > > to addresses only. > > > > Localhost should work just like home.arpa. The tools we use shouldn't > > need special knowledge. Special knowledge means EVERYTHING needs > > to be tested to see if it works with localhost as well and regular > > names. That testing will get missed. If it doesn't get missed it > > costs more money. Workarounds for different behavior increases the > > probability of bugs being introduced as there will be seperate code > > paths. > > > > If I want to add a local trust anchor for localhost I will then > > need additional code to disable the workaround for the fact the > > root doesn't have a insecure delegation. > > > > Mark > > -- > > Mark Andrews, ISC > > 1 Seymour St., Dundas Valley, NSW 2117, Australia > > PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org > > > > --94eb2c05f4ca9dd1520558a42ee2 > Content-Type: text/html; charset="UTF-8" > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"auto">The discussion had covered the failure mode problem. Ther= > e is substantial agreement that it's better for a stub that issues a qu= > ery for localhost to fail than to succeed. You seem to disagree.<div dir=3D= > "auto"><br></div><div dir=3D"auto">You haven't stated a reason for disa= > greeing=E2=80=94instead you've vigorously asserted that this is true. I= > t's fine for you to do this, but if you were to get your way, that woul= > d be exactly the bad outcome I want to avoid.=C2=A0</div><div dir=3D"auto">= > <br></div><div dir=3D"auto">So if there really is a problem here, it would = > be good for you to make it clear. Your stated desire to preserve flexibilit= > y makes sense to me, but it doesn't contradict the reason already given= > for <i>not </i>providing that flexibility.=C2=A0</div><div dir=3D"auto"><b= > r></div><div dir=3D"auto">Is there some <i>other</i> reason why this is imp= > ortant to you, or is that it?</div></div><div class=3D"gmail_extra"><br><di= > v class=3D"gmail_quote">On Sep 7, 2017 8:06 PM, "Mark Andrews" &l= > t;<a href=3D"mailto:ma...@isc.org";>ma...@isc.org</a>> wrote:<br type=3D"= > attribution"><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b= > order-left:1px #ccc solid;padding-left:1ex"><br> > In message <<a href=3D"mailto:BFAECDAF-8F4B-4C8D-AB7E-1615BD54EF93@fugue= > .com">BFAECDAF-8F4B-4C8D-AB7E-<wbr>1615bd54e...@fugue.com</a>>, Ted Lemo= > n writes:<br> > ><br> > > On Sep 7, 2017, at 12:59 AM, Mark Andrews <<a href=3D"mailto:marka@= > isc.org">ma...@isc.org</a>> wrote:<br> > > > I shouldn't BE FORCED to hard code special LOCALHOST rules in= > to DNS<br> > > > tools.=C2=A0 Lookups should "just work" like they did b= > efore the root<br> > > > zone was signed.<br> > ><br> > > Because...?<br> > <br> > Because there are things you can do with localhost as a DNS zone<br> > that you can't do with /etc/hosts, NIS, etc. as they are limited<br> > to addresses only.<br> > <br> > Localhost should work just like home.arpa.=C2=A0 The tools we use shouldn&#= > 39;t<br> > need special knowledge.=C2=A0 Special knowledge means EVERYTHING needs<br> > to be tested to see if it works with localhost as well and regular<br> > names.=C2=A0 That testing will get missed.=C2=A0 If it doesn't get miss= > ed it<br> > costs more money.=C2=A0 Workarounds for different behavior increases the<br= > > > probability of bugs being introduced as there will be seperate code<br> > paths.<br> > <br> > If I want to add a local trust anchor for localhost I will then<br> > need additional code to disable the workaround for the fact the<br> > root doesn't have a insecure delegation.<br> > <br> > Mark<br> > --<br> > Mark Andrews, ISC<br> > 1 Seymour St., Dundas Valley, NSW 2117, Australia<br> > PHONE: <a href=3D"tel:%2B61%202%209871%204742" value=3D"+61298714742">+61 2= > 9871 4742</a>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= > =A0INTERNET: <a href=3D"mailto:ma...@isc.org";>ma...@isc.org</a><br> > </blockquote></div></div> > > --94eb2c05f4ca9dd1520558a42ee2-- -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
