IETF Logo Mail Archive

Re: [Add] some background on split DNS with DNSSEC

tirumal reddy <kondtir@gmail.com> Wed, 10 November 2021 14:23 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B4DF3A0F39 for <add@ietfa.amsl.com>; Wed, 10 Nov 2021 06:23:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8PLCExbQfzAk for <add@ietfa.amsl.com>; Wed, 10 Nov 2021 06:23:53 -0800 (PST)
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 478613A10A0 for <add@ietf.org>; Wed, 10 Nov 2021 06:23:50 -0800 (PST)
Received: by mail-yb1-xb31.google.com with SMTP id u60so6806233ybi.9 for <add@ietf.org>; Wed, 10 Nov 2021 06:23:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Rkltc9A3jCBINmnQkOKjAxjZrEqpGFO53JJNh+y8Rk0=; b=qLmZ6w2qbQ2tia9GoSR5jvfPKz7ED/QZUn8c6k1MZX0u47RlJ7rfe7JAOUpRkrBxAn CJsM3mZLNtZLL9WsMsB/9y/JJNKrP0W8LN4bNlbKPV42d7NB10AJbjgflBTkAKW9fuiy ynTTiFr6wWIH2oIEL5fgsmVBTVeF1C6q1S2ZMPKEhs7n+TF+5OjYEdyWKoTzXRfu0bgY 5Im9FdFO3W6OiMyUjuv0PigFO1cHlRhJ6wJl2Au5/Yz/W+pUMo1IXHj0C2EltkOoMyQJ I1RMS8mUixfPx/AhhcpRsZ6rWDC6keYhWywccYT0sfhhLeuRKNFCtoXGxkw7EM6ZZhRq coZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Rkltc9A3jCBINmnQkOKjAxjZrEqpGFO53JJNh+y8Rk0=; b=k97T8lKVhQiqDkIWi2dBk1fgyjxXFSszhvymDM/3Ve5QeVcToYcgbLCFCyi+rs5onx UTT/QIN9QnmJFCGA7fIv91kplDgtD06eutL21MnwU6DmARwuuwvJ8tJAKj9fTt0FMQor N9xJU//PCrcSVpnMAOtTkDmh5/JrsuFGhqWej9rP5zbhJCmQuz8nPAXUBB/MJuWSNvv8 algz7Haz2uzNuTmSo47b+XlbJVp9CiPojVpt9+dyZHImX8120/aWnhskPy0TgZ6/L3vj qkGuPmdp18WgcARUbHQLEFWa6iil2ffGn71qSXti56TX1LY9pv8bGd0qjsi3uo8KORsx btrQ==
X-Gm-Message-State: AOAM532WcPuLg8QC0294Tnb/kCturFsuAt4sG9lPHzEDB50rwz28dDGX XN+T87TJtB6d7Ut9fwasCuut2gHVjbhgkQfHhK/85WAFw6Y=
X-Google-Smtp-Source: ABdhPJw4eJSYwOFwjX8lJsGYFEtUd1VSo4dxJCCsv6Sn3//qu5otOh/S8RJeNI/WtHngYAJa80FlM3ev3mGYnzWw/lY=
X-Received: by 2002:a25:c094:: with SMTP id c142mr18023882ybf.133.1636554226422; Wed, 10 Nov 2021 06:23:46 -0800 (PST)
MIME-Version: 1.0
References: <yblk0hio8pu.fsf@w7.hardakers.net>
In-Reply-To: <yblk0hio8pu.fsf@w7.hardakers.net>
From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 10 Nov 2021 19:53:34 +0530
Message-ID: <CAFpG3geDvCH0captxdMD61-gAGTrvgeHDiFkHY6VmPRfSXSw0w@mail.gmail.com>
To: Wes Hardaker <wjhns1@hardakers.net>
Cc: add@ietf.org
Content-Type: multipart/alternative; boundary="00000000000052579d05d06ff9f9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/XrMr7in6xKFdr3pKnqO7NRY47Pc>
Subject: Re: [Add] some background on split DNS with DNSSEC
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Nov 2021 14:23:59 -0000

On Mon, 8 Nov 2021 at 23:01, Wes Hardaker <wjhns1@hardakers.net> wrote:

>
> A past draft was written about how to handle split DNS within DNSSEC.
>
>
> https://datatracker.ietf.org/doc/html/draft-krishnaswamy-dnsop-dnssec-split-view
>
> This may be useful information for the
> draft-reddy-add-enterprise-split-dns draft
>

Yes, it has useful information and is referred in
https://datatracker.ietf.org/doc/html/draft-reddy-add-enterprise-split-dns-07#section-7
for deploying DNSSEC operationally with split-horizon domains.

-Tiru


>
> Also of interest is what problems exist with doing private name spaces
> and how hard this problem is and why DNSOP has never managed to publish
> something about it:
>
> https://www.rfc-editor.org/rfc/rfc8244.html
>
> And if you back search DNSOP mailing list, this has a huge history
> behind it.
> --
> Wes Hardaker
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email