From: "Mark Andrews" <marka@isc.org>
To: bind9-bugs@isc.org
Date: Wed, 16 Dec 2015 09:48:29 +1100
Subject: Re: [ISC-Bugs #41298] Special use zone handling

On 16/12/2015, at 1:31 AM, "Timothe Litt via RT" wrote:

> Tue Dec 15 14:31:56 2015: Request 41298 was acted upon.
> Transaction: Ticket created by litt@acm.org
> Queue: bind9
> Subject: Special use zone handling
> Owner: Nobody
> Requestors: litt@acm.org
> Status: new
> Ticket
> -----------------------------------------------------------------------
>
> Currently bind supports automatic empty zones (only) for reverse address
> zones in private IPv4 and reserved IPv6 spaces. It doesn't do other
> special-use zone handling specified in several RFCs.
>
> http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
>
> The other "special-use" zones (as of today) are:
>
> example.
> example.com.
> example.net.
> example.org.
> invalid.
> local.
> localhost.
> onion.
> test.
>
> It seems to me that most of the missing special handling can be
> implemented by adding automatic empty zones.

Actually they can't for the names in the root zone. Queries for these
names that make it to the DNS still need to have negative responses
that can be handed to a validator and not get bogus out the other end.
The automatic empty zones do not achieve that.

The simplest way to not send traffic to the root servers is to slave
the root zone. This doesn't help with example.{com,net,org}.

Mark