Re: [DNSOP] Terminology question: split DNS
Michael Sinatra <michael@brokendns.net> Mon, 19 March 2018 21:24 UTC
To: Jim Reid <jim@rfc1035.com>, Artyom Gavrichenkov <ximaera@gmail.com>
Cc: dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/bJBjUi_-TPcDlv1T7C-MrOJhrsw>

On 3/19/18 11:14 AM, Jim Reid wrote:
>
>> On 19 Mar 2018, at 18:09, Artyom Gavrichenkov <ximaera@gmail.com> wrote:
>>
>> Another issue here is that, for some enterprises at least, there's no
>> single "internal network" anymore.
>
> We don't need to enumerate every potential split DNS scenario (or how it's implemented). The original text says "there are many potential variants". That should be enough for this document. The simple example of one internal and one external net will do for illustrative purposes.

Rather than try for some physical demarcation like "firewall" or "network," why don't we simply say "organizationally-defined perimeter" or "perimeter defined by the organization," which leaves it vague enough to support the "many potential variants"?

E.g. in Paul H.'s original text

Instead of:

"Where a corporate network serves up partly or completely different DNS inside and outside its firewall."

Use:

"Where a corporate [enterprise?] network serves partly or completely different DNS based on a client's location inside or outside of a perimeter defined by that organization."

This also gives the enterprise organization both the authority (and onus) to define its perimeter in a reasonable logical way.

michael