Re: [DNSOP] Terminology question: split DNS

Michael Sinatra <michael@brokendns.net> Mon, 19 March 2018 21:24 UTC

Return-Path: <michael@brokendns.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FE54127058 for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 14:24:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fk7KGL_r3-_4 for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 14:24:15 -0700 (PDT)
Received: from burnttofu.net (burnttofu.net [IPv6:2607:fc50:1:9d00::9977]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5CDB51200A0 for <dnsop@ietf.org>; Mon, 19 Mar 2018 14:24:15 -0700 (PDT)
Received: from elwha.brokendns.net (elwha.brokendns.net [206.125.172.202]) by burnttofu.net (8.15.2/8.15.2) with ESMTPS id w2JLO3Od076418 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Mon, 19 Mar 2018 17:24:04 -0400 (EDT) (envelope-from michael@brokendns.net)
Received: from 252.192.128.198.in-addr.dhcp.lbnl.us (unknown [IPv6:2620:83:8001:572::1:d1e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elwha.brokendns.net (5.65c/IDA-1.4.4/5.63) with ESMTPSA id CF1C2402E5; Mon, 19 Mar 2018 14:24:02 -0700 (PDT)
To: Jim Reid <jim@rfc1035.com>, Artyom Gavrichenkov <ximaera@gmail.com>
Cc: dnsop <dnsop@ietf.org>
References: <3D490CA8-0733-47AD-A088-113B1116B207@vpnc.org> <CALZ3u+a9o1g0ZTkGjqWwfyV9phovEgu6Linp137yvM=JHSnj-A@mail.gmail.com> <CA+nkc8DrHTVkbPJDEGksnoN3e-DQtKV1=owOA5pLAUWG+depzw@mail.gmail.com> <CALZ3u+bs+uDm16UiHp6fAF+EyrA9FBcbvYhRap76Wb6MCz_vOg@mail.gmail.com> <374BF611-71C4-4E37-A725-B214527328A0@rfc1035.com>
From: Michael Sinatra <michael@brokendns.net>
Message-ID: <c4ce2d41-8af3-9ad2-4c1a-3b1433786592@brokendns.net>
Date: Mon, 19 Mar 2018 14:24:01 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:59.0) Gecko/20100101 Thunderbird/59.0
MIME-Version: 1.0
In-Reply-To: <374BF611-71C4-4E37-A725-B214527328A0@rfc1035.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.6.2 (burnttofu.net [162.217.113.18]); Mon, 19 Mar 2018 17:24:05 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bJBjUi_-TPcDlv1T7C-MrOJhrsw>
Subject: Re: [DNSOP] Terminology question: split DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 21:24:17 -0000

On 3/19/18 11:14 AM, Jim Reid wrote:
> 
> 
>> On 19 Mar 2018, at 18:09, Artyom Gavrichenkov <ximaera@gmail.com>; wrote:
>>
>> Another issue here is that, for some enterprises at least, there's no
>> single "internal network" anymore.
> 
> We don't need to enumerate every potential split DNS scenario (or how it's implemented). The original text says "there are many potential variants". That should be enough for this document. The simple example of one internal and one external net will do for illustrative purposes.

Rather than try for some physical demarcation like "firewall" or 
"network," why don't we simply say "organizationally-defined perimeter" 
or "perimeter defined by the organization," which leaves it vague enough 
to support the "many potential variants"?

E.g. in Paul H.'s original text

Instead of: "Where a corporate network serves up partly or completely 
different DNS inside and outside its firewall."

Use: "Where a corporate [enterprise?] network serves partly or 
completely different DNS based on a client's location inside or outside 
of a perimeter defined by that organization."

This also gives the enterprise organization both the authority (and 
onus) to define its perimeter in a reasonable logical way.

michael