On Jan 25, 2018, at 12:54 PM, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote:
> I'm fine with recursive resolvers not *forwarding*
> "localhost.", but forbidding local answers is I think taking it
> too far and counter-productive.

Can you talk about why you think this is important? I ask because the point of forbidding local answers is that it's an attack surface we'd like to close. If there's a reason not to close it, it would be good to understand the use case you have in mind in terms of how much value we would lose in exchange for the value we'd gain in closing that attack surface.

Also, it's worth bearing in mind that regardless of what this document says, you can always answer queries to 'localhost.' Is there a reason why that's not enough to satisfy your use case?

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop