In message <[email protected]>, Ted Lemon writes:
>
> On Sep 7, 2017, at 12:59 AM, Mark Andrews <[email protected]> wrote:
> > I shouldn't BE FORCED to hard code special LOCALHOST rules into DNS
> > tools. Lookups should "just work" like they did before the root
> > zone was signed.
>
> Because...?

Because there are things you can do with localhost as a DNS zone
that you can't do with /etc/hosts, NIS, etc. as they are limited
to addresses only.

Localhost should work just like home.arpa. The tools we use shouldn't
need special knowledge. Special knowledge means EVERYTHING needs
to be tested to see if it works with localhost as well as regular
names. That testing will get missed. If it doesn't get missed it
costs more money.

Workarounds for different behavior increase the probability of
bugs being introduced as there will be separate code paths.

If I want to add a local trust anchor for localhost I will then need
additional code to disable the workaround for the fact the root
doesn't have an insecure delegation.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
