Re: [Add] WG Adoption Call draft-reddy-add-enterprise-split-dns

tirumal reddy <kondtir@gmail.com> Wed, 11 May 2022 09:15 UTC

From: tirumal reddy <kondtir@gmail.com>
Date: Wed, 11 May 2022 14:44:44 +0530
Message-ID: <CAFpG3geHBsjmckXG7ksnk8g1rdB-kqNGqdmsBptRUPBJuY7Jmg@mail.gmail.com>
To: Michael Richardson <mcr@sandelman.ca>
Cc: Paul Wouters <paul@nohats.ca>, Ben Schwartz <bemasc@google.com>, "Deen, Glenn" <Glenn_Deen@comcast.com>, ADD Mailing list <add@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/kBm_rWGOwbGbRG7jfbrurxbXlso>

+1.

The draft was initially using TRR and was later updated to use DNSSEC as
part of the discussions in the WG. It was also discussed whether DNSSEC
will be deployed by client implementations, and the outcome of the
discussion was that client implementations are not enabling DNSSEC because of
validation failures due to middleboxes incorrectly handling DNSSEC
records. However, in this case, organizations deploying split-horizon have
every reason to correctly handle DNSSEC records; otherwise DNSSEC validation
will fail and the local resolver will not be used.

-Tiru

On Mon, 9 May 2022 at 20:06, Michael Richardson <mcr@sandelman.ca> wrote:

> While I would love to litigate internal.example.com vs the
> official-impersonation via classic split-DNS, based upon previous discussion,
> it seems that the WG didn't want to have that debate.
> I'm not sure that this adoption call is the right place to do this.
>
> (I personally believe that internal.example.com is the best, clearest, and
> most secure way to accomplish the goals of most enterprises, and I've worked
> in several medium-sized enterprises that did exactly this.)