On Friday, 9 May 2025 20:52:39 CEST Andrew Sullivan wrote: > I didn't have time to write a short note, so I wrote a long one instead. More detail is better than less, it was a good read!
> One of the things about mostly disappearing from the IETF for a while and > returning is to be reminded how stuff stays the same, and I am nonplussed > to see that this is one of those topics. I contend once again that there > is a reason people keep getting wound around this axle, and it is the > failure to take into account different classes of things. Truthfully, I find it a bit amusing how sensitive this WG is to the .onion subject. The Tor project has unilaterally decided that .onion was going to be their suffix for a non-DNS use, and that eventually (inevitably) made its way into the DNS. Leaving the DNS community with no option but to reluctantly accept it. I've spoken to the Tor developers at FOSDEM (which I regularly attend) before, they do seem to have their hearts in the right place. I have not talked to them about DNS-related issues like what's at the root of this discontent, so what follows are my own thoughts. If it were up to me though, and I were to be in charge of the Tor project.. would I want to interact with the IETF about it? I'm here now so clearly I do, but can I blame those who (possibly) did not? Processes and debates are good, until they become an impediment to progress. > Good examples of this are .local and .onion. Each of these is supposed to > tell a resolver, "Look out! We're switching protocols!" A conforming > resolver will do the right thing. Of course, this being the Internet, > there is no way to know whether a given system will in fact be conforming, > so the documents have to specify what to do in case such protocol switches > don't work (and they do so). This is where I think the IETF and the RFCs it produces shines. Regardless of what "consensus by the Internet community" means and who populates it (anyone can, if they have thick skin and know what they're talking about), it does serve as a meaningful anchor for people and organizations alike to use. With .internal, this would be related to what domain suffix is to be used, in internal network configs that are advanced enough to use full-fledged DNS with zone files. What needs to be done in establishing that name, is lowering the barrier enough to give people/organizations a reason to use it over the alternatives they can unilaterally decide on as well. > This would seem to entail that, if you want to use a domain name outside the > context of the global public DNS but still want to use the DNS with it, you > should just register a domain name and use that, and not publish the > records in a public manner. Pretty much yes, register a second-level domain from anywhere and use that has been the traditional advice. My prior rebuttal to that has been that those domains can expire, or be taken away. For internal use, stability matters because it's an anchor for all activities within a given network / set of networks. That is where .internal would really prove useful, it is a record pretty much set in stone if ICANN / IANA are the ones to be responsible for it. And, to be clear, this email shows that I have at least two public domains, that is not the issue here. What matters here is stability of those registrations. > And so we are at the degenerate case of giving a place within the DNS, that > uses the DNS in a normal way, but that is officially reserved as being for > private use. > Perhaps this is just a long way of saying that RFC 1918-for-DNS is actually > a terrible, no good, very bad idea, but people are going to do it anyway. We are, and certainly I am. This is why I think .internal is so important; there is precedent to this being necessary, just like official delegation of private-use IP addresses has been prior. It gives a namespace for network operators with their own DNS servers to use within their internal networks. When I designed these networks of mine, this delegation was not made, so I picked .lan because, well, it was a short name and it was a LAN I was working with. That then expanded into what it is now. But if I had caught wind of .internal 10 years ago when I laid the groundwork, I'd dare to put my hand on the Bible that I would've at least considered it. Because it would've saved me so much headache moving the whole thing over today. -- Met vriendelijke groet, Michael De Roover Mail: i...@nixmagic.com Web: michael.de.roover.eu.org _______________________________________________ DNSOP mailing list -- dnsop@ietf.org To unsubscribe send an email to dnsop-le...@ietf.org
