[Yeti DNS Discuss] [Experiment idea] DNAME from .local to AS112

Paul Vixie paul at redbarn.org
Mon Apr 25 03:43:14 UTC 2016

Stephane Bortzmeyer wrote:
> On Fri, Apr 22, 2016 at 11:40:45PM +0800,
>   Shane Kerr<shane at biigroup.cn>  wrote
>   a message of 30 lines which said:
>> Personally I think it is more important to keep with the *spirit* of
>> the Yeti policy, which I think is that we intend to work the same as
>> the IANA root from the end user point of view.

we did not describe the "spirit" which, i agree, is no production level 
competition to the iana system of publication or allocation. what we 
said was "there will be no amendments".

the people who would have to certify that we were acting within the 
spirit of what we said at our outset would be the authority operators, 
and the recursive operators, and somebody like the IETF. we can't be the 
ones certifying that, or we'll be seen as the fox guarding the hen house.

> I fully agree. In my opinion, when we promised "we will respect the
> IANA name space", it clearly meant "we will not redelegate .com to
> someone else than Verisign and we will not add .amazon if it is not in
> the IANA root". Adding DNAME for non-existing TLD is not "an alternate
> name space".

what a name space is and what a domain name is, are currently being 
argued. we can't presume upon the outcome of that argument. there's no 
safe harbor in that argument for our possible use of .local or similar.

> Also, do note a very important point in the Internet-Draft: Yeti does
> not cherry-pick the TLD to delegate to AS112. We rely on a choice (the
> special-use domain registry) already sanctioned by IETF and recorded
> by IANA. Therefore, we will not have, inside Yeti, discussions about
> "should we also delegate .belkin or not?"

i know. but had we carved this out initially, i think public acceptance 
of our experiment would have been lower, since we would have been seen 
as more controversial. at any rate we must assume that this is possible 
for some participants, and therefore, we must get their permission to 
amend the namespace we're offering, or else, it must be exactly 
equivilent to the IANA name space. all we change, today, is the apex NS 
RR, and the DNSSEC keys and signatures and delegated signers. that must 
not change without full public review equal to what we had before day 1.

ideally, IANA itself would publish an experimental zone containing new 
AS112 delegations, after having been requested to do so by the IETF, and 
we could just publish that zone, with our DNSSEC signatures. that's an 
outcome worth working for, since it would help other experimenters also. 
but, do to the "third rail" problem, i think it can't be done.

P Vixie

More information about the discuss mailing list