Re: [Add] some background on split DNS with DNSSEC

Jim Reid <jim@rfc1035.com> Tue, 09 November 2021 15:49 UTC


> On 9 Nov 2021, at 15:39, Bill Woodcock <woody@pch.net> wrote:
> 
> While I’d like DNSSEC to be ubiquitous, and I recognize that split-horizon isn’t going away any time soon, I’m not sure that it’s worth putting effort into making that particular combination easier, when effort could be applied to making DNSSEC easier, and it would benefit both the people who are doing split horizon, and everyone else.

I sort of agree, Bill. IMO this is not an either/or choice: both DNSSEC and split DNS could or should be made easier. Both are not going to go away any time soon. And both are icky to deploy and operate.

Perhaps this thread needs to move somewhere else since it seems off-topic for this WG.