On Jan 26, 2018, at 2:16 PM, Viktor Dukhovni <[email protected]> wrote:
> Disagreed, with respect to recursive resolvers, because the
> requirement is neither necessary nor sufficient to achieve the
> stated security goals, is not required for interoperability, and
> is in conflict with existing uses of local data for localhost.

The point of the requirement is that it breaks stacks that use DNS to look up localhost. If you think there's no risk to applications that rely on this, obviously it's not worth doing. The reason I'm being such a stickler about this is that we have beaucoup experience over the past two decades that if there is an attack surface, somebody will come up with an attack. It's better to fail safe than fail unsafe. If apps are breaking all over the place because they use DNS to look up localhost, then we all win in the long run.

That said, I absolutely do not want to deprive you of the ability to do your hack. I just don't think that the current text does that. If the way the stack accomplishes the MUST is to have some code in nsswitch.conf that does the right thing, I think that follows the MUST. If it were really true that that were not the case, I would agree with you. (And as an aside, you are correct to point out the error of my statement about localhost versus home.arpa.)

The reason I drilled down into your use case is that I don't think there's ever going to be a time when Christos disables this behavior. So I don't think this text is going to actually create an inconvenience for you. That's not the point of writing that MUST.

Is there a way we can change what the text says so that it's sufficiently emphatic to make me happy, and sufficiently open to make you unhappy?

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
