Re: [DNSOP] Terminology question: split DNS

Andrew Sullivan <ajs@anvilwalrusden.com> Tue, 20 March 2018 13:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/iJqVxrRxliZfnH0UBwQB4olRkSY>

On Mon, Mar 19, 2018 at 05:58:08PM +0000, Ted Lemon wrote:
>   Where DNS servers that are authoritative for a particular set of domains
>   provide partly or completely different answers in those domains depending
>   on the source of the query.   The effect of this is that a domain name that
>   is notionally globally unique nevertheless has different meanings for
>   different network users.

I mostly like that, but I quibble with "source of the query".  It's
really "depending on some factor apart from the name, class, and type
of the query.  For instance, the answers might differ according to the
source of the query."  EDNS client subnet is another example, but I've
also seen things based on authentication (SIG(0) or TSIG).
Effectively, every "DNS tricks" service on the public Internet is also
a kind of split horizon.

I think we should include all of "split DNS", "split horizon", and
"split brain": they're all terms I've heard and so we ought to make
sure they're both included.

A

-- 
Andrew Sullivan
ajs@anvilwalrusden.com
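
The generalisation in the message above (answers that depend on some factor apart from the name, class, and type of the query), as an added example that is not part of the original post or taken from any DNS server's code. It is a toy model: the view names, the key name `partner-key.`, the first-match ordering and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Query:
    qname: str
    qclass: str
    qtype: str
    source: str          # transport source address
    ecs: str = ""        # EDNS client subnet option, if present
    tsig_key: str = ""   # name of the TSIG key that authenticated the query
Q = ("www.example.com.", "IN", "A")   # the one question asked throughout
# Constructed views, first match wins: (view, factor, value, zone data)
VIEWS = [
    ("partner",  "tsig",   "partner-key.",    {Q: ["192.0.2.30"]}),
    ("internal", "source", "10.0.0.0/8",      {Q: ["10.1.2.3"]}),
    ("eu-edge",  "client", "198.51.100.0/24", {Q: ["203.0.113.20"]}),
    ("default",  "client", "0.0.0.0/0",       {Q: ["203.0.113.10"]}),
]

def select_view(q):
    src = ipaddress.ip_address(q.source)
    # "client" is the ECS network when the query carries one, else the source
    client = ipaddress.ip_network(q.ecs, strict=False).network_address if q.ecs else src
    for name, factor, value, zone in VIEWS:
        if factor == "tsig":
            hit = q.tsig_key == value
        else:
            hit = (src if factor == "source" else client) in ipaddress.ip_network(value)
        if hit:
            return name, zone
    return None, {}

def answer(q):
    name, zone = select_view(q)
    return name, zone.get((q.qname, q.qclass, q.qtype), [])

def differing_contexts(question, contexts):
    """Group context labels by the answer each gets for one fixed question."""
    groups = {}
    for label, ctx in contexts.items():
        groups.setdefault(tuple(answer(Query(*question, **ctx))[1]), []).append(label)
    return groups
CONTEXTS = {   # constructed query contexts; name, class and type never change
    "office":   {"source": "10.20.30.40"},
    "internet": {"source": "192.0.2.77"},
    "via-ecs":  {"source": "192.0.2.53", "ecs": "198.51.100.0/24"},
    "signed":   {"source": "192.0.2.77", "tsig_key": "partner-key."},
}
```

`differing_contexts(Q, CONTEXTS)` returns four groups, one per factor, which is the same comparison an operator makes when querying one name from several vantage points to see whether a zone is split.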