[dns-operations] How should work name resolution on a modern system?

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Jun 15 20:57:05 UTC 2022


On Wed, Jun 15, 2022 at 04:24:01PM -0400, Dave Lawrence via dns-operations wrote:

> I'm aware "SSAC also recommends that the use of DNS resource records
> such as A, AAAA, and MX in the apex of a TopLevel Domain (TLD) be
> contractually prohibited where appropriate and strongly discouraged in
> all cases," yet still note that saying "getaddrinfo should not result
> in single label 'A' or 'AAAA' DNS queries" is a meaningful policy
> change to an API that's older than some of the people on this mailing
> list.

The IETF tends to be very conservative in leaving lots of latitude in its
specifications for various potential corner cases.  The caution is
oftentimes warranted, and yet in the same 3 decades or so nothing has changed
the fact that A/AAAA records at TLDs are profoundly fragile.

So as a platform library maintainer, I'd be stricter than IETF was
willing to be, and would in fact have getaddrinfo(3) return an empty
list for "some-tld" and even "some-tld.", with the notable exception of
"localhost", with the nsswitch code sending no A/AAAA DNS queries for
TLDs.  Only /etc/hosts and other local sources would be consulted.

-- 
    Viktor.
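
The stricter lookup policy described in the message above, sketched as an added example (not part of the original post, and not the code of glibc or any other platform library): single-label names, with or without the trailing dot, are answered only from hosts-format data and are never handed to DNS. The function names, the verdict enum, the sample hosts data and the fixed loopback answer for "localhost" are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed /etc/hosts-format sample; "intranet" is a made-up name. */
static const char SAMPLE_HOSTS[] = "192.0.2.10 intranet intranet.example.test # alias\n";
enum verdict { FROM_LOCAL, EMPTY_NO_DNS, DNS_ALLOWED };

static size_t bare_len(const char *s) {  /* length without the root dot: "com." -> 3 */
    size_t n = strlen(s);
    return (n > 0 && s[n - 1] == '.') ? n - 1 : n;
}
int is_single_label(const char *name) {  /* true for "some-tld" and "some-tld." */
    size_t n = bare_len(name);
    return n > 0 && memchr(name, '.', n) == NULL;
}
/* Case-insensitive match of a hosts-file token against name[0..n). */
static int eq_name(const char *tok, const char *name, size_t n) {
    size_t i = 0;
    while (i < n && tolower((unsigned char)tok[i]) == tolower((unsigned char)name[i])) i++;
    return i == n && tok[i] == '\0';
}

/* Scan hosts-format text; on a match copy the address and return 1. */
int hosts_lookup(const char *hosts, const char *name, char *addr, size_t alen) {
    size_t n = bare_len(name);
    while (n > 0 && *hosts) {
        char line[256], ip[64], tok[128], *p = line;
        int used = 0;
        size_t len = strcspn(hosts, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, hosts);
        hosts += len + (hosts[len] == '\n');
        line[strcspn(line, "#")] = '\0';              /* drop comments */
        if (sscanf(p, "%63s%n", ip, &used) != 1) continue;   /* blank line */
        for (p += used; sscanf(p, "%127s%n", tok, &used) == 1; p += used)
            if (eq_name(tok, name, n)) { snprintf(addr, alen, "%s", ip); return 1; }
    }
    return 0;
}

/* Local sources first; a single label that misses gets an empty answer, no DNS. */
enum verdict resolve_policy(const char *name, const char *hosts, char *addr, size_t alen) {
    if (hosts_lookup(hosts, name, addr, alen)) return FROM_LOCAL;
    if (eq_name("localhost", name, bare_len(name)))   /* assumed: fixed loopback answer */
        { snprintf(addr, alen, "127.0.0.1"); return FROM_LOCAL; }
    return is_single_label(name) ? EMPTY_NO_DNS : DNS_ALLOWED;
}
int main(void) {  /* "com." is not in the sample data, so the answer is empty */
    char a[64] = "";
    return resolve_policy("com.", SAMPLE_HOSTS, a, sizeof a) == EMPTY_NO_DNS ? 0 : 1;
}
```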

