---------- Forwarded message ----------
From: william manning <chinese.apri...@gmail.com>
Date: Sat, Aug 5, 2017 at 5:33 PM
Subject: Re: [DNSOP] Status of "let localhost be localhost"?
To: John Levine <jo...@taugh.com>
i think the question hinges on zone completion logic and fully qualified
when localhost appears as:
localhost IN AAAA 3ffe:53::53
without the trailing dot, zone completion logic should ensure that it is
NOT treated as a TLD.
whereas if I code this:
localhost. IN AAAA 3ffe:53::53
that is a clear indication that I am running my own root zone and defining
my own view of the DNS namespace for class IN. Shouldn't apps depend on
the DNS to serve trustworthy, correct, data?
On Sat, Aug 5, 2017 at 2:01 PM, John Levine <jo...@taugh.com> wrote:
> In article <CAAiTEH9=RNDrUmSOs8Rg2Ea4+as9pg=j5jnU6Y=nc8A4Z1aPog@mail.
> gmail.com> you write:
> >In the case where 'localhost' is being passed to DNS resolution software,
> >validating stub (for example inside a web browser) needs a way to know
> >the 'localhost' TLD should be treated as insecure. In that case, the only
> >way to accomplish that is ...
> ... by having the stub or cache treat localhost as a special case.
> I use unbound as my cache which as far as I know has always done that.
> Are there caches that don't? Are there validating stubs that don't?
> My reading of this draft is that if you don't treat localhost as a
> special case already, it's time to get with the program.
> > with an insecure delegation at the root.
> DNSOP mailing list
DNSOP mailing list