Hello John,

On 13 Sep 2017, at 4:15, John Levine wrote:

> In article <63da2e77-8507-4f25-8684-14eabf9a5...@powerdns.com> you write:
>> Since we are doing a draft/RFC on what localhost is and is not, I
>> suggest we put some text in there banning (MUST NOT) the practice of
>> having localhost entries (at least those pointing to 127.0.0.1/::1?)
>> in auth zones. If there is agreement on this I am happy to contribute
>> text. This may mean having to say we are updating RFC 1912.
>
> Believe it or not, there are real non-loopback localhost domain names,
> like localhost.reddit.com.

That’s why I had (at least ..) in there. Non-loopback localhost names are not a problem, unless, perhaps via search lists, they confuse browsers into wrong trust levels.

> I agree that localhost.<foo> pointing to loopback is generally asking
> for trouble, but I am not at this point sufficiently confident that it
> is never ever a good idea to say MUST NOT rather than SHOULD NOT.  I
> can for example imagine ways that might make some kinds of debugging
> easier.

I would settle for SHOULD NOT. Can you elaborate on the debugging?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
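
Added example, not part of the original message or of any PowerDNS code: a small Python audit that separates the two cases discussed in this thread, `localhost.<zone>` names with A/AAAA records pointing at loopback versus `localhost` names pointing elsewhere. The zone text is constructed, `example.com` is a placeholder, and the parser assumes a simplified zone file with one record per line and an explicit owner name on every line.

```python
import ipaddress

# Constructed sample zone (not from the thread); example.com is a placeholder.
SAMPLE_ZONE = """\
$ORIGIN example.com.
@            3600 IN SOA ns1 hostmaster 1 7200 900 1209600 300
localhost    3600 IN A    127.0.0.1      ; loopback
localhost    3600 IN AAAA ::1
localhost.dev     IN A    192.0.2.10     ; non-loopback "localhost" name
www               IN A    192.0.2.20
local        300  IN A    127.0.0.53
"""

def fqdn(owner, origin):
    """Expand a relative owner name against the current $ORIGIN."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin.lstrip('.')}"

def audit_zone(text):
    """Return (loopback_localhost, other_localhost) lists of (name, type, addr)."""
    origin, flagged, other = ".", [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        # Locate the record type; the TTL and class before it are optional.
        idx = next((i for i, f in enumerate(fields[1:], 1)
                    if f.upper() in ("A", "AAAA")), None)
        if idx is None or idx + 1 >= len(fields):
            continue                          # not an address record
        name = fqdn(fields[0].lower(), origin)
        if name.split(".")[0] != "localhost": # only the leftmost label matters
            continue
        addr = ipaddress.ip_address(fields[idx + 1])
        record = (name, fields[idx].upper(), str(addr))
        (flagged if addr.is_loopback else other).append(record)
    return flagged, other

if __name__ == "__main__":
    loopback, non_loopback = audit_zone(SAMPLE_ZONE)
    for rec in loopback:
        print("loopback localhost entry:", *rec)
    for rec in non_loopback:
        print("non-loopback localhost name:", *rec)
```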

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
