Re: [DNSOP] Terminology question: split DNS

Artyom Gavrichenkov <ximaera@gmail.com> Mon, 19 March 2018 18:13 UTC

To: Bob Harold <rharolde@umich.edu>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dnsop <dnsop@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/gkUMyppFbqxELh8EXF1pflwuDa4>

...yeah, a simple example of such an exception is an anycast DNS
network which doesn't even look at the source IP address, but just has
completely different zones deployed in different points of presence.
When a PoP goes down, the same IP address will be directed to another
PoP and will start receiving data from a different "horizon" (there
might be a better metaphor for this concept).

| Artyom Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: ximaera@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58


On Mon, Mar 19, 2018 at 6:09 PM, Artyom Gavrichenkov <ximaera@gmail.com> wrote:
> On Mon, Mar 19, 2018 at 6:05 PM, Bob Harold <rharolde@umich.edu> wrote:
>> In practice this is done by using either different DNS servers (or
>> processes), or multiple "views" in a DNS configuration.
>
> Another issue here is that, for some enterprises at least, there's no
> single "internal network" anymore. There are different network scopes
> (_sometimes_ nested) ranging from "formally internal but treated as
> almost external" to "air gap-separated DMZ", with different policies,
> including different DNS policies.
>
> My second thought (personally) is that there might be a reason to just
> bury the "split DNS" definition whatsoever and to just define a
> "multi-horizon DNS", where a "horizon" is defined by a company's
> policy and _usually_ depends on the source IP address of a query
> (there may be exceptions).
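
An added illustration of the anycast case described in the message above (not part of the original post and not taken from any DNS implementation): each PoP serves its own zone contents, the answer depends only on where routing delivers the query, and the check lists which answers change for which client sites when a PoP fails. PoP names, zone data and catchments are constructed assumptions.

```python
# Added illustration; PoP names, zone data and catchments are constructed.
ZONES = {  # each PoP serves its own zone contents: one "horizon" per PoP
    "pop-ams": {"app.example.": "10.1.0.5", "www.example.": "192.0.2.10"},
    "pop-sin": {"app.example.": "10.2.0.5", "www.example.": "192.0.2.10"},
    "pop-nyc": {"www.example.": "192.0.2.10"},  # no app.example. here
}
# Anycast routing preference per client site, nearest PoP first.
CATCHMENT = {
    "office-eu": ["pop-ams", "pop-nyc", "pop-sin"],
    "office-asia": ["pop-sin", "pop-ams", "pop-nyc"],
}


def serving_pop(site, down=frozenset()):
    """First reachable PoP in the site's routing preference, or None."""
    return next((p for p in CATCHMENT[site] if p not in down), None)


def resolve(site, name, down=frozenset()):
    """The answer depends only on the PoP the query lands in, not on source IP."""
    pop = serving_pop(site, down)
    # None stands for "no such name at this PoP" or "no PoP reachable".
    return None if pop is None else ZONES[pop].get(name)


def horizon_shifts(down):
    """List (site, name, before, after) for answers that change when `down` fails."""
    names = sorted({n for zone in ZONES.values() for n in zone})
    shifts = []
    for site in sorted(CATCHMENT):
        for name in names:
            before, after = resolve(site, name), resolve(site, name, down)
            if before != after:
                shifts.append((site, name, before, after))
    return shifts


if __name__ == "__main__":
    # Fail each PoP in turn and report which sites cross into another horizon.
    for pop in sorted(ZONES):
        for shift in horizon_shifts(frozenset({pop})):
            print(f"{pop} down:", *shift)
```

Running the same comparison against real per-PoP zone exports before a planned PoP outage shows which names will silently change or disappear for which sites.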