On 24 Jul 2018, at 10:35, Paul Wouters wrote:
> While I agree with the goal of the draft, to keep root server queries on
> the local host, I don't like how it is suggesting to run a DNS server on
> localhost:53, because that is going to cause problems with running
> validating resolvers on the stub. There are already enough race
> conditions on systems with virtual machines and running dhcp/dns servers
> for those that are racing to own 127.0.0.1:53.
If you find a place where the draft is suggesting that, please let us
know: it should not be doing that. That's why the draft explicitly
states:
...

   2. Start the authoritative server with the root zone on an address on
      the host that is not in use. For IPv4, this could be 127.0.0.1,
      but if that address is in use, any address in 127/8 is acceptable.
      For IPv6, this would be ::1.

...

   The examples here use a loopback address of 127.12.12.12, but typical
   installations will use 127.0.0.1. The different address is used in
   order to emphasize that the root server does not need to be on the
   device at the name "localhost" which is often locally served as
   127.0.0.1.

...
> But again, having a well integrated method for slaving the root zone on
> a local validating stub resolver is something that everyone should do
> (along with query minimization).
Hopefully, that's a recommendation for adoption of the draft.
--Paul Hoffman
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
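The step quoted from the draft above ("an address on the host that is not in use ... if 127.0.0.1 is in use, any address in 127/8 is acceptable") is easy to get wrong in a startup script, and the race for 127.0.0.1:53 that Paul Wouters describes is exactly the case where guessing goes bad. The following is an added example written for this page; it is not code from the draft, from the list post, or from any resolver project. It probes each candidate loopback address by attempting a real bind on both UDP and TCP (DNS uses both), treats EADDRINUSE as "owned by someone else", and refuses to confuse a missing CAP_NET_BIND_SERVICE with "in use". The function names (`is_free`, `pick_listen_address`, `occupy`), the candidate list, and the port used by the demo are this example's own choices, not anything the draft specifies.

```python
"""Choose a loopback address for a local root-zone authoritative server.

Added example for the draft text quoted on this page; not the draft's or
any project's own code. Function names and candidate list are this
example's assumptions.
"""
import errno
import socket
from typing import Iterable, Optional, Tuple

# Draft order of preference for IPv4: 127.0.0.1 first, then any 127/8
# address. 127.12.12.12 is the address the draft uses in its examples.
DEFAULT_CANDIDATES: Tuple[str, ...] = ("127.0.0.1", "127.12.12.12")


def is_free(addr: str, port: int) -> bool:
    """Return True only if addr:port can be bound for BOTH UDP and TCP.

    A resolver that already owns the address will usually hold both
    socket types, but checking both also catches a half-configured
    listener. SO_REUSEADDR is deliberately not set so an existing
    listener makes the bind fail with EADDRINUSE.
    """
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    for socktype in (socket.SOCK_STREAM, socket.SOCK_DGRAM):
        with socket.socket(family, socktype) as probe:
            try:
                probe.bind((addr, port))
            except PermissionError:
                # Binding a privileged port without root/CAP_NET_BIND_SERVICE.
                # Re-raise instead of reporting "in use": a wrong answer here
                # would silently push the server onto a different address.
                raise
            except OSError as exc:
                # EADDRINUSE: someone else owns it (the race the thread
                # discusses). EADDRNOTAVAIL: this 127/8 alias is not configured
                # on the host (BSD/macOS need an explicit lo0 alias). Either
                # way the address is not usable for us.
                if exc.errno not in (errno.EADDRINUSE, errno.EADDRNOTAVAIL):
                    raise
                return False
    return True


def pick_listen_address(port: int = 53,
                        candidates: Iterable[str] = DEFAULT_CANDIDATES) -> Optional[str]:
    """First candidate on which nothing is bound to `port`, or None."""
    for addr in candidates:
        if is_free(addr, port):
            return addr
    return None


def occupy(addr: str, port: int = 0) -> socket.socket:
    """Bind and listen a TCP socket on addr:port to simulate another daemon
    (a stub resolver, a DHCP/DNS helper) that already owns the address.
    port=0 lets the kernel choose; read it back via getsockname()."""
    holder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    holder.bind((addr, port))
    holder.listen(1)
    return holder


if __name__ == "__main__":
    # Demo on an unprivileged port so it runs without root: simulate a
    # resolver that already grabbed 127.0.0.1, then see where we land.
    holder = occupy("127.0.0.1")
    demo_port = holder.getsockname()[1]
    print("127.0.0.1:%d taken, server would listen on %s" %
          (demo_port, pick_listen_address(demo_port)))
    holder.close()
```

Run it as root with the default port to get a real answer for :53; unprivileged, the `PermissionError` is the correct outcome rather than a misleading fallback. On Linux every 127/8 address is reachable on `lo` without configuration, so the fallback to 127.12.12.12 works out of the box; on BSD-derived systems the alias has to be added to `lo0` first, which the EADDRNOTAVAIL branch reports as "not usable" rather than crashing.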