---------- Forwarded message ----------
From: william manning <chinese.apri...@gmail.com>
Date: Sat, Aug 5, 2017 at 5:33 PM
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
To: John Levine <jo...@taugh.com>


I think the question hinges on zone completion logic and fully qualified
domain names.

When localhost appears as:

localhost   IN  AAAA   3ffe:53::53

without the trailing dot, zone completion logic should ensure that it is
NOT treated as a TLD.
Whereas if I code this:

localhost.  IN AAAA  3ffe:53::53

that is a clear indication that I am running my own root zone and defining
my own view of the DNS namespace for class IN. Shouldn't apps depend on
the DNS to serve trustworthy, correct data?

/Wm

On Sat, Aug 5, 2017 at 2:01 PM, John Levine <jo...@taugh.com> wrote:

> In article <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8A4Z1aPog@mail.gmail.com> you write:
> >In the case where 'localhost' is being passed to DNS resolution software, a
> >validating stub (for example inside a web browser) needs a way to know that
> >the 'localhost' TLD should be treated as insecure.  In that case, the only
> >way to accomplish that is ...
>
>  ... by having the stub or cache treat localhost as a special case.
>
> I use unbound as my cache which as far as I know has always done that.
> Are there caches that don't?  Are there validating stubs that don't?
>
> My reading of this draft is that if you don't treat localhost as a
> special case already, it's time to get with the program.
>
> R's,
> John
>
> > with an insecure delegation at the root.
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
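
The two points in this thread, zone-file name completion and special-casing localhost in a stub or cache, as an added example that is not part of either message. The `$ORIGIN example.com.` line and the function names are assumptions made for illustration; the two record lines are the ones quoted above.

```python
# Constructed zone snippet: the origin is assumed, the records are from the thread.
SAMPLE = """\
$ORIGIN example.com.
localhost   IN  AAAA   3ffe:53::53
localhost.  IN  AAAA   3ffe:53::53
"""


def qualify(owner, origin):
    """Zone-file completion: a name without a trailing dot is relative and
    gets the origin appended; a name with a trailing dot is absolute."""
    if not origin.endswith("."):
        raise ValueError("origin must be fully qualified")
    if owner == "@":
        return origin.lower()
    if owner.endswith("."):
        return owner.lower()
    if origin == ".":                      # relative name in a root zone
        return (owner + ".").lower()
    return (owner + "." + origin).lower()


def is_special_localhost(fqdn):
    """True for 'localhost.' and any name beneath it: the names a stub or
    cache would answer itself rather than look up and validate."""
    labels = fqdn.lower().rstrip(".").split(".")
    return labels[-1] == "localhost"


def classify(zone_text):
    """Return (fqdn, special) for each record line of a small zone snippet."""
    origin, last, out = ".", None, []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if not line[0].isspace():              # otherwise owner is inherited
            last = qualify(fields[0], origin)
        if last is not None:
            out.append((last, is_special_localhost(last)))
    return out


if __name__ == "__main__":
    for name, special in classify(SAMPLE):
        print(name, "special-cased" if special else "ordinary name")
```

Only the dotted form lands on the `localhost.` name that a resolver special-cases; the undotted form becomes an ordinary name inside the zone unless the zone's origin is the root.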