On Wed, Aug 2, 2017 at 9:34 AM, Joe Abley <jab...@hopcount.ca> wrote:

> Hi Mike,
>
> On Aug 2, 2017, at 09:54, Mike West <mk...@google.com> wrote:
>
> > What would you like to see in the document in order to address this
> > concern? A requirement that a `localhost` zone be created and delegated as
> > an insecure delegation, using some of the language from the draft above
> > (e.g. "This delegation MUST NOT be signed, MUST NOT include a DS record,
> > and MUST point to one or more black hole servers, for example
> > 'blackhole-1.iana.org.' and 'blackhole-2.iana.org.'.")?
>
> Any such delegation would be lame, and is a bad idea just for that reason.
> There's no foolproof way to add or drop zones hosted on the whole AS112
> server system due to the lack of coordination between AS112 node operators
> -- despite the good communication between many such operators, there's no
> good way to tell what nodes you don't know about.
>
> If you really wanted to sink queries in the top-level domain LOCALHOST a
> better approach would be to use DNAME (see RFC 7535). But note that I'm not
> expressing an opinion on whether that's a good idea, either philosophically
> or practically, in this specific example.
>

It seems like the desired behavior for the DNS infrastructure here is the
same as for .onion -- return NXDOMAIN.  After all, these are queries that
should never leave the end host, so anything not on the host should handle
them as an error.

cf. https://tools.ietf.org/html/rfc7686#section-2




>
>
> Joe
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
>