Re: [Add] I-D Action: draft-reddy-add-enterprise-split-dns-08.txt

Eric Orth <> Mon, 24 January 2022 20:12 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5EE233A0437 for <>; Mon, 24 Jan 2022 12:12:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id BFPKkQRc1fsh for <>; Mon, 24 Jan 2022 12:12:53 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 03A3D3A040A for <>; Mon, 24 Jan 2022 12:12:52 -0800 (PST)
Received: by with SMTP id 23so54899349ybf.7 for <>; Mon, 24 Jan 2022 12:12:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=40BQGXgpCz5F95brazk3MnyAJbsYp5SWfKt4d6sSX5E=; b=UrlRamj+CpckCzHhMc4luWMTvxQ+IOZCm4e1XeXkG1xJYIeVHxqQgqfJrlgGf1x9hm vbJJ6hIKnfY2EzMDR7MqWfGOX8VD3HchoqGyMZeESwH9v/kgPIju4IOKUnqygWv7qVlc 4BP0jMMeavRoSKpOWKgT9Biq9YZ49g+r0gOf4z+cOfCxEwRIJwrU9Z+Z8KcxYUg5HZpL ugo5X43oarJ6yDiHLtsi/3AvYo7f2cyi9RGb5onyrhAKSoJfGBrvaYzGYW3OokYQtAID DhqI/xVNbDv6zwsm1V/wttv2TqLS8crSeyWVyJBzFoLGsIgbx7RJ8QzY2AZGt18McQ97 avng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=40BQGXgpCz5F95brazk3MnyAJbsYp5SWfKt4d6sSX5E=; b=3M97fMUxYEc7OLmz+iFpKAJrLRIuFn4TlIxht482FBoEYVSrymPQw42xdSscp1sZbG YKgJrOdXyfpvxSeZgeFbqHwTNmUm1HshpSUjDlMcywAnwwdFnN9tdMxw/9gY6S6UvlAA U7c8+eFRXUEwt5YDUiXgzauAxeYZdcN7FXVKXApmqeFamW4dMFW+tClF2VMKmcNqShYs A/d17wzppf9xMYxUPy/cTXUvxtNjoA68SHDseIZtW//lpLGcVTFj+6dGsvvM3+SN3a7B eTO6PTESZRMBMOqvO22JhUQ8ZZtzdKQh+HPQZN2WLAfpJgjb5lNZPQZRnFFRUXZWrBuc y92g==
X-Gm-Message-State: AOAM530CTWrYNYbcQNc4RGPms6aYzJGEnH2lR6UC0AuxoBd8RB8+RLef Zv286IrbVmSfMkK6pDQcgFzGCEvmtikzE3tHrcgh8UBtZPE=
X-Google-Smtp-Source: ABdhPJw1H6Mqe7fFAaPC+yOU+nLW3CYxlJS1uBmbdNCMfP5h7NqLm7hRVq+SpTrFEy7MzaBgaN2qUnDnEkCfBsh6jKE=
X-Received: by 2002:a25:5582:: with SMTP id j124mr24849361ybb.366.1643055171008; Mon, 24 Jan 2022 12:12:51 -0800 (PST)
MIME-Version: 1.0
References: <> <> <>
In-Reply-To: <>
From: Eric Orth <>
Date: Mon, 24 Jan 2022 15:12:39 -0500
Message-ID: <>
To: Paul Wouters <>
Cc: tirumal reddy <>, ADD Mailing list <>
Content-Type: multipart/alternative; boundary="000000000000d0f47905d65997eb"
Archived-At: <>
Subject: Re: [Add] I-D Action: draft-reddy-add-enterprise-split-dns-08.txt
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 24 Jan 2022 20:12:57 -0000

On Fri, Jan 21, 2022 at 4:23 PM Paul Wouters <> wrote:

> On Fri, 21 Jan 2022, tirumal reddy wrote:
> > We published -08 version of Split-Horizon DNS Configuration draft
> >
> > based on WG feedback from IETF 112.
> >
> > Key changes are:
> >
> >    *  Restricted the scope of the document to split-horizon DNS names
> that are properly rooted in the global DNS.
> >    *  Added new terminology of hybrid resolver/client, authorised split
> horizon and domain camping
> >    *  Added DNSSEC to confirm authority over the split-horizon domains
> I had never heard of "domain camping" before, and I wonder what is wrong
> with "domain hijacking " and "NXDOMAIN hijacking" as terms ?

I normally hear and think of "domain camping" as a
not-intentionally-malicious subcategory of domain hijacking where the
domain being hijacked is assumed (whether or not correctly) to not exist.
Thus whoever is setting up split-dns for a network may believe it to be a
safe and conflict-free domain to use for internal usage, but it may cause
conflicts or other issues in the future when somebody adds actual
authoritative use of the domain.  Very common (but also very non-ideal) in
split-dns scenarios.

That said, the definition in the draft seems much more generic than my
understanding of the term and possibly equivalent to my understanding of
the wider "hijacking" terminology.  The draft even gives the example of
hijacking a popular domain to monitor traffic to that domain.  Very much a
scenario where "hijacking" is a clearer description.  So maybe, per this
terminology usage, to avoid unnecessarily confusing terminology, "domain
hijacking" would be a better term for the draft to define and use?