Re: [Add] I-D Action: draft-reddy-add-enterprise-split-dns-08.txt

Joe Abley <jabley@hopcount.ca> Mon, 24 January 2022 17:29 UTC

Cc: Ralf Weber <dns@fl1ger.de>, Paul Wouters <paul@nohats.ca>, ADD Mailing list <add@ietf.org>, tirumal reddy <kondtir@gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Ge844RBqikzxf6yCyEg41pi_-n8>
List-Id: Applications Doing DNS <add.ietf.org>

On Jan 24, 2022, at 16:58, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:

> If you don't want "corp.example.com" to be mentioned publicly, then your internal resolver has to "claim" example.com. 

If you're using corp.example.com internally on a real network with real users, with or without split DNS, with or without DNSSEC, then it's definitely already public.

This is not a mathematical guarantee but a bet to the contrary would be given very poor odds by any competent bookmaker.


Joe