Re: [DNSOP] Terminology question: split DNS

Paul Vixie <paul@redbarn.org> Mon, 19 March 2018 22:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/9ChoIVXuVCb_OcSUVTIfD473Luc>

Steve Crocker wrote:
> I haven't been following the current thread but I have encountered this
> topic before and I have thought about the implications for DNSSEC.
>
> The terminology of "split DNS" -- and equivalently "split horizon DNS"
> -- is, in my opinion, a bit limited.  It's not too hard to imagine
> further carve outs.  For me, the general case is at every point in the
> network, there is an external world and an internal world.  ...

i think two things. probably more, but two that occur upon the above.

first, that general case is not described in detail in the documentation 
of the Internet System. a brief overview is given in RFC 1918 (BCP 5), 
in the last paragraph of section 5, but more is needed.

second, more specific cases exist, where configuration cognizance is 
given to *several* external worlds AND *several* internal worlds. 
bind9's "view" feature accounts for this, but the resulting capabilities 
are very hard to describe in a general way.

see also: <http://family.redbarn.org/~vixie/proxynet.pdf>.

-- 
P Vixie
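
Added example, not part of the original message: a small Python model of how an ordered list of views, each matching clients by source address as BIND 9's match-clients does, maps a client to one of several internal and external worlds (BIND answers from the first view that matches), plus a check for views that an earlier, broader view makes unreachable. The view names and prefixes are constructed, and only source-address matching is modelled (no match-destinations, keys or negation).

```python
import ipaddress

# Constructed sample: views in the order they would appear in named.conf,
# each with the source networks of its match-clients list. Names and
# prefixes are hypothetical (RFC 1918 and documentation ranges).
VIEWS = [
    ("internal-lab",     ["10.20.0.0/16"]),
    ("internal-corp",    ["10.0.0.0/8", "192.168.0.0/16"]),
    ("internal-legacy",  ["10.30.0.0/16"]),   # already covered by internal-corp
    ("external-partner", ["198.51.100.0/24"]),
    ("external-world",   ["0.0.0.0/0"]),
]


def parse(views):
    """Turn prefix strings into ip_network objects, keeping view order."""
    return [(name, [ipaddress.ip_network(n) for n in nets])
            for name, nets in views]


def select_view(views, client):
    """Name of the first view whose networks contain the client, else None."""
    addr = ipaddress.ip_address(client)
    for name, nets in parse(views):
        if any(addr in net for net in nets):
            return name
    return None


def shadowed_views(views):
    """Views that can never be selected because every one of their networks
    lies inside a single network of an earlier view. Conservative: coverage
    by a union of several earlier networks is not detected."""
    seen, dead = [], []
    for name, nets in parse(views):
        if all(any(n.subnet_of(e) for e in seen) for n in nets):
            dead.append(name)
        seen.extend(nets)
    return dead


if __name__ == "__main__":
    for client in ("10.20.1.5", "10.30.1.5", "198.51.100.7", "203.0.113.9"):
        print(client, "->", select_view(VIEWS, client))
    print("unreachable views:", shadowed_views(VIEWS))
```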