Do you know of protocols that use SRV to localhost in practice?

Anyway, this is like the question of whether to trust IP addresses when
using rsh. Remember rsh?  There's a reason we don't use it anymore, even
though it was definitely useful.

Localhost over DNS is analogous.

On Sep 7, 2017 10:28 PM, "Mark Andrews" <[email protected]> wrote:

>
> In message <CAPt1N1kKNRU+mF-JVti_CKS25+7g5BFH8Yko53-VKgZqVreZuQ@mail.gmail.com>,
> Ted Lemon writes:
> > The discussion had covered the failure mode problem. There is substantial
> > agreement that it's better for a stub that issues a query for localhost to
> > fail than to succeed. You seem to disagree.
>
> There are lots of people that don't want to deal with ICANN politics
> and that is clouding their technical judgements.
>
> > You haven't stated a reason for disagreeing—instead you've vigorously
> > asserted that this is true. It's fine for you to do this, but if you were
> > to get your way, that would be exactly the bad outcome I want to avoid.
>
> So you want to break EVERY protocol that uses SRV to localhost.  I
> stated clearly that there is stuff that you can do with DNS that
> you can't do with /etc/hosts, NIS, etc.  One shouldn't have to
> itemise everything that will be broken because full functionality
> is not being provided.
>
> > So if there really is a problem here, it would be good for you to make it
> > clear. Your stated desire to preserve flexibility makes sense to me, but it
> > doesn't contradict the reason already given for *not* providing that
> > flexibility.
> >
> > Is there some *other* reason why this is important to you, or is that it?
> >
> > On Sep 7, 2017 8:06 PM, "Mark Andrews" <[email protected]> wrote:
> >
> > >
> > > In message <[email protected]>, Ted Lemon
> > > writes:
> > > >
> > > > On Sep 7, 2017, at 12:59 AM, Mark Andrews <[email protected]> wrote:
> > > > > I shouldn't BE FORCED to hard code special LOCALHOST rules into DNS
> > > > > tools.  Lookups should "just work" like they did before the root
> > > > > zone was signed.
> > > >
> > > > Because...?
> > >
> > > Because there are things you can do with localhost as a DNS zone
> > > that you can't do with /etc/hosts, NIS, etc. as they are limited
> > > to addresses only.
> > >
> > > Localhost should work just like home.arpa.  The tools we use shouldn't
> > > need special knowledge.  Special knowledge means EVERYTHING needs
> > > to be tested to see if it works with localhost as well and regular
> > > names.  That testing will get missed.  If it doesn't get missed it
> > > costs more money.  Workarounds for different behavior increase the
> > > probability of bugs being introduced as there will be separate code
> > > paths.
> > >
> > > If I want to add a local trust anchor for localhost I will then
> > > need additional code to disable the workaround for the fact the
> > > root doesn't have an insecure delegation.
> > >
> > > Mark
> > > --
> > > Mark Andrews, ISC
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742                 INTERNET: [email protected]
> > >
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: [email protected]
>
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
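
The two positions in this thread, as an added example that is not from either poster or from any DNS implementation: a stub that follows RFC 6761 section 6.3 answers address queries for localhost names with loopback and never forwards them, which is also why an SRV lookup under localhost gets no data. Function names and the sample lookups are constructed for illustration.

```python
import ipaddress

# Loopback answers a special-casing stub returns for address queries.
LOOPBACK = {"A": "127.0.0.1", "AAAA": "::1"}

def is_localhost_name(name: str) -> bool:
    """True for 'localhost' and any name whose last label is 'localhost'."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-1] == "localhost"

def stub_decision(name: str, qtype: str):
    """Return (action, value) for one lookup.

    'local'   : answered with loopback, no DNS query sent
    'nodata'  : negative answer, no DNS query sent (e.g. SRV under localhost)
    'forward' : ordinary name, handed to the configured resolver
    """
    if not is_localhost_name(name):
        return ("forward", None)
    qtype = qtype.upper()
    if qtype in LOOPBACK:
        return ("local", LOOPBACK[qtype])
    return ("nodata", None)

def answer_is_suspicious(name: str, address: str) -> bool:
    """Flag a DNS-supplied address for a localhost name that is not loopback.

    This is the case the rsh comparison points at: trusting whatever the
    network says 'localhost' is.
    """
    addr = ipaddress.ip_address(address)
    return is_localhost_name(name) and not addr.is_loopback

# Constructed sample lookups (not taken from the thread).
SAMPLES = [
    ("localhost", "A"),
    ("LOCALHOST.", "AAAA"),
    ("_ldap._tcp.localhost", "SRV"),
    ("localhost.example.com", "A"),
]

def run_samples():
    return [stub_decision(name, qtype) for name, qtype in SAMPLES]

if __name__ == "__main__":
    for (name, qtype), result in zip(SAMPLES, run_samples()):
        print(f"{name:24} {qtype:5} -> {result}")
```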