Re: [DNSOP] Terminology question: split DNS

Evan Hunt <each@isc.org> Tue, 20 March 2018 08:15 UTC

Date: Tue, 20 Mar 2018 08:15:01 +0000
From: Evan Hunt <each@isc.org>
To: Ted Lemon <mellon@fugue.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsop <dnsop@ietf.org>

On Mon, Mar 19, 2018 at 05:58:08PM +0000, Ted Lemon wrote:
> Yeah, that's a bit iffy.   Homenet is another example of the same thing.
> I would make it more generic, something like this:
> 
>   Where DNS servers that are authoritative for a particular set of domains
>   provide partly or completely different answers in those domains depending
>   on the source of the query.   The effect of this is that a domain name that
>   is notionally globally unique nevertheless has different meanings for
>   different network users.

This might be a little *too* generic: it appears to cover things like
geographically tailored responses and EDNS Client-Subnet, as well as
the internal and external views that are more typically what
"split[-horizon] DNS" refers to.

At a technical level there may not be much difference, but I've always
thought of "split DNS" as being specific to the boundary point between an
organizational intranet and the global internet. It's my impression that
historically most people who've used the term meant it in that sense, and
it might be confusing to broaden the definition retroactively.

I do think the text above is useful, though. I would suggest that, as there
are now several situations in which DNS responses may differ depending on
the client, we could define a generic term for that ("multi-horizon DNS"
or similar?), and then define "split DNS" as a specific case in which the
answer depends on whether the originating client is inside or outside of a
network controlled by the server's operator.

-- 
Evan Hunt -- each@isc.org
Internet Systems Consortium, Inc.
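The distinction Evan draws above, as an added toy model that is not part of the thread and not ISC code: a generic "multi-horizon" answer policy (geographic tailoring driven by the query source or a forwarded EDNS Client-Subnet prefix) next to the narrower "split DNS" case, where only the real query source decides inside versus outside. All zone data, names and prefixes are constructed for illustration.

```python
"""Toy model of 'multi-horizon DNS' versus 'split DNS'.
Constructed example: zone data, names and prefixes are made up."""
import ipaddress
from typing import Optional

# Constructed per-horizon record data (one A record per view).
ZONES = {
    "split": {  # inside vs. outside the operator's own network
        "internal": {"www.example.test.": "10.0.0.10"},
        "external": {"www.example.test.": "203.0.113.10"},
    },
    "geo": {  # answers tailored to the client's region
        "eu": {"cdn.example.test.": "198.51.100.20"},
        "default": {"cdn.example.test.": "192.0.2.20"},
    },
}

# Constructed prefixes: the operator's intranet and a pretend "EU" block.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
EU_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def _in_any(addr: str, nets) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def split_horizon(name: str, source: str) -> Optional[str]:
    """Split DNS: the view depends only on whether the query SOURCE is
    inside the operator's network. A client-supplied ECS prefix is
    deliberately not consulted, so a remote client cannot claim to be
    'inside' by forwarding an internal subnet in the option."""
    view = "internal" if _in_any(source, INTERNAL_NETS) else "external"
    return ZONES["split"][view].get(name)


def geo_horizon(name: str, source: str, ecs: Optional[str] = None) -> Optional[str]:
    """Generic multi-horizon: tailor by region, preferring the EDNS
    Client-Subnet prefix (if a resolver forwarded one) over the address
    the query actually arrived from."""
    if ecs:
        locator = str(ipaddress.ip_network(ecs, strict=False).network_address)
    else:
        locator = source
    view = "eu" if _in_any(locator, EU_NETS) else "default"
    return ZONES["geo"][view].get(name)
```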