Re: [DNSOP] Terminology question: split DNS

Ted Lemon <mellon@fugue.com> Mon, 19 March 2018 17:58 UTC

From: Ted Lemon <mellon@fugue.com>
In-Reply-To: <3D490CA8-0733-47AD-A088-113B1116B207@vpnc.org>
Date: Mon, 19 Mar 2018 17:58:08 +0000
Cc: dnsop <dnsop@ietf.org>
Message-Id: <80F91E05-4A54-4EB2-9298-69C2CD4725CC@fugue.com>
References: <3D490CA8-0733-47AD-A088-113B1116B207@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FlqVgW-EwtXb_47qJPABgxg_W_E>
Subject: Re: [DNSOP] Terminology question: split DNS
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>

On Mar 19, 2018, at 5:47 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> Some folks had reservations about the current definition of "split DNS":
>   "Where a corporate network serves up partly or completely different DNS inside and outside
>   its firewall. There are many possible variants on this; the basic point is that the
>   correspondence between a given FQDN (fully qualified domain name) and a given IPv4 address
>   is no longer universal and stable over long periods."
>   (Quoted from <xref target="RFC2775"/>, Section 3.8)

Yeah, that's a bit iffy. Homenet is another example of the same thing. I would make it more generic, something like this:

  Where DNS servers that are authoritative for a particular set of domains
  provide partly or completely different answers in those domains depending
  on the source of the query.   The effect of this is that a domain name that
  is notionally globally unique nevertheless has different meanings for
  different network users.

This is probably not exactly right, but it gets rid of several problems with the old text. I think the reference to "corporate" is bogus, and the reference to "IPv4" is also bogus, and also incomplete, since split horizon can affect any record, not just address records.

It could be usefully clarified by adding something along the lines of, "for example, RFC2775 mentions ..." and then include some or all of the old text.
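As an added illustration of the generic definition proposed above (this is editorial example material, not part of the thread or of any draft text): a BIND 9 split-horizon configuration in which one authoritative server answers for example.com differently depending on the source address of the query. The zone name, the 10.0.0.0/8 internal prefix, the 198.51.100.0/24 public addresses, the file paths and the record contents are all assumptions chosen for the example. Note that the views differ not only in A records but also in MX and TXT, and that one name (intranet) exists in only one view.

```conf
# ---- /etc/bind/named.conf (added example; names and addresses are illustrative) ----

acl "internal-clients" {
    127.0.0.0/8;
    10.0.0.0/8;       # assumed internal prefix
    ::1/128;
};

options {
    directory "/var/cache/bind";
    version none;                   # do not advertise the server version
    allow-transfer { none; };       # no AXFR/IXFR unless a view says otherwise
};

# Views are tried in order; the first view whose match-clients matches the
# query source answers the query, so the catch-all view must come last.
view "internal" {
    match-clients { "internal-clients"; };
    recursion yes;                  # internal hosts may use this server as a resolver
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   # never act as an open resolver toward the Internet
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.external";
    };
};

; ---- /etc/bind/zones/example.com.internal ----
$TTL 300
@             IN SOA ns1.example.com. hostmaster.example.com. (2018031901 3600 900 1209600 300)
              IN NS  ns1.example.com.
              IN MX  10 mail.internal.example.com.         ; internal hosts deliver directly
              IN TXT "v=spf1 ip4:10.0.0.0/8 -all"
ns1           IN A   10.0.0.53
mail.internal IN A   10.0.0.25
www           IN A   10.0.0.80                             ; internal address of the web server
intranet      IN A   10.0.0.81                             ; this name exists only inside

; ---- /etc/bind/zones/example.com.external ----
$TTL 3600
@             IN SOA ns1.example.com. hostmaster.example.com. (2018031901 3600 900 1209600 3600)
              IN NS  ns1.example.com.
              IN MX  10 mx.mailhost.example.                ; outside mail goes through a relay
              IN TXT "v=spf1 include:_spf.mailhost.example -all"
ns1           IN A   198.51.100.53
www           IN A   198.51.100.80                         ; public address of the web server
; no "intranet" record in this view: outside queries get NXDOMAIN
```

Check the files with named-checkconf and named-checkzone before loading them. The split can then be observed directly: "dig @10.0.0.53 example.com MX +short" from an internal host and "dig @198.51.100.53 example.com MX +short" from outside return different RRsets for the same name, and "intranet.example.com" resolves on one side and is NXDOMAIN on the other. Two practical caveats: a host that moves between networks (a laptop, a VPN client) sees the mapping change under it, and a resolver cache carried across that boundary hands out the wrong view's answers until the TTL expires; and if the zone is DNSSEC-signed, each view's copy must be signed separately, since the differing RRsets need their own RRSIGs and NSEC/NSEC3 chains.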