Re: [DNSOP] Terminology question: split DNS
Dick Franks <rwfranks@acm.org> Mon, 19 March 2018 23:29 UTC
Return-Path: <rwfranks@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D33412D7F7 for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 16:29:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t-BOrXs8gy_R for <dnsop@ietfa.amsl.com>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6312B12D7F4 for <dnsop@ietf.org>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
Received: by mail-wm0-x229.google.com with SMTP id 139so105657wmn.2 for <dnsop@ietf.org>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=oezDDIQWJScr5J5f/QFP/Ma2hu2XhFzWD/LygsDNDCM=; b=ExXH25kjy7fv+Lfpt46g+5bn0kpwKp+LouQbMuVUzTnf8208KwF+UJGpdBd2KkBfc3 CicImg/0cJWgRM0uL0q0Eb1vgSPYjFYzw7jlKf9F88VtbLkd5fsPhs4fT88TwxbacAaW w+jrN7Cw7GZoRWyRyInkQ4ZnGPE2yNnZ7rgI0SMMZ9qHeQex7vIzA/upHsSEFVYX9aRX uUX5aLHjroINEAqaD0rli7RInDfdOd8TQwyVbXeUs+ukAbwCLVw4mweOrB4Stadv4Zch oTXfjHIaYQJoG9n/CVh0OMBocGbV6fGf1eHriojDxKLsonWL9Wag30fL6WbUawk6cOsl LjUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=oezDDIQWJScr5J5f/QFP/Ma2hu2XhFzWD/LygsDNDCM=; b=P8naHUb4ATiYU8OAIqoCR6S91qLVVnTPuKv2pZT4JvqPVDvdhfUnfRyAB5W15vT1fv bzSonc7AQ3cjn/J5foBQB2pMWTRKTlxqsLzg10YoXbAF22zHH3eWjSxxK6iSzYBfKVIO vXQrxgKp25s0RGlbNViNaifsmiyAD/xzx7IXJpafozH7uLiujdccoJDgHlOHhreEuwoA d2eCBn2MCJMkOvFKAWGHpJoUEWxvCzy3iZlyo7MfuB339l17+GV5IBnX3XsvgOVx+Wmv iusDR+QSr6tsCD56KJkxLy+OAjQCns80HboXGJu1rhNlS2+DbI1F267AQoaKTM5rCPPa /ybA==
X-Gm-Message-State: AElRT7GfzyJxbmjUBzHqjH1fiWeHypMAQThn2Rfsz17N+D1+4+SUAVWR MWkZq32hIuIFlgTwWgHJo9wWoctpTkbj0iAgLjE=
X-Google-Smtp-Source: AG47ELsxDX9a/ddHZiYjnNnmLEhW3EH5vqEMwwOdcgTrFokI12HpAHE1znIrK5mhLJbogxrDcubEqVcTbgV5KmknHzA=
X-Received: by 10.28.176.134 with SMTP id z128mr400261wme.86.1521502164879; Mon, 19 Mar 2018 16:29:24 -0700 (PDT)
MIME-Version: 1.0
Sender: rwfranks@gmail.com
Received: by 10.223.189.147 with HTTP; Mon, 19 Mar 2018 16:28:44 -0700 (PDT)
In-Reply-To: <CABf5zvLW_p9emh9woaHok3seR+EX8A6gBmk8GYcjeG7JYHiq=w@mail.gmail.com>
References: <3D490CA8-0733-47AD-A088-113B1116B207@vpnc.org> <CAKr6gn0RrJEzLCg-nzmwpY7R4XUtRXudQZWdgpz2Vt3X1+BL4Q@mail.gmail.com> <D2E84EBB-9AE5-469B-B8A5-37DBD9CD8D44@fugue.com> <5AB00268.4040902@redbarn.org> <9098.1521492996@dash.isi.edu> <alpine.LRH.2.21.1803191711420.12290@bofh.nohats.ca> <CABf5zvLW_p9emh9woaHok3seR+EX8A6gBmk8GYcjeG7JYHiq=w@mail.gmail.com>
From: Dick Franks <rwfranks@acm.org>
Date: Mon, 19 Mar 2018 23:28:44 +0000
X-Google-Sender-Auth: SWVSvSyhdpIBqiRSEekkeqTXFA8
Message-ID: <CAKW6Ri4ARGwzr=3F8yjLXAGXr8LpnHauH+7shd=Uz1199ABESQ@mail.gmail.com>
To: Steve Crocker <steve@shinkuro.com>
Cc: dnsop <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="001a11411012100d2a0567cc5441"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/ncL8jb2BZkBAT87WTwN0Zb2s9Iw>
Subject: Re: [DNSOP] Terminology question: split DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 23:29:28 -0000
On 19 March 2018 at 21:30, Steve Crocker <steve@shinkuro.com> wrote: > I haven't been following the current thread but I have encountered this > topic before and I have thought about the implications for DNSSEC. > > The terminology of "split DNS" -- and equivalently "split horizon DNS" -- > is, in my opinion, a bit limited. It's not too hard to imagine further > carve outs. For me, the general case is at every point in the network, > there is an external world and an internal world. Let's say I am in charge > of the systems that support a department within a division of a very large > company. I could imagine a department DNS that resolves names within the > department but forwards other queries to the division DNS resolvers. > The simple distinction between "internal" and "external" does not begin to describe the situation on the ground in the multi-national company that used to employ me. The only real "external" is the global internet. Obviously, the local network, at subsidiary company, or in some cases departmental level, is unambiguously "internal" The operating subsidiaries were connected to a (corporate) national network, and thence the international and global networks. The DNS naming regime represented all these levels, including specifically, a "view" of a subsidiary's (locally) maintained namespace visible from other parts of the organisation. The key ingredient that need to be captured in the description, is that these are multiple "views" of a single database. The view is a corporate policy animal, and usually changes at a much lower rate than routine DNS database maintenance. This is a different proposition from selective forwarding. They resolve names within the division and forward other queries to the > company's resolvers. The company's resolvers handle queries for names > defined by the company and forward other queries to the outside. > To make this manageable, the corporate nameservers also need to delegate parts of the namespace to the operating subsidiaries. The concept of "horizon" seems (at least to me) to imply some limit beyond which there is no visibility. IMHO, the neutral concept of "view" describes the situation well enough to be useful. If we're going to tackle this problem, let's do it cleanly and completely. > > Steve > > > On Mon, Mar 19, 2018 at 5:14 PM, Paul Wouters <paul@nohats.ca> wrote: > >> On Mon, 19 Mar 2018, John Heidemann wrote: >> >> +1 on "split-horizon dns" as the term, over "split dns" and some other >>> neologism, on the basis of running code and existing documentation and >>> existing wide use. >>> >> >> I and google disagree: >> >> "split dns": 72900 hits >> "split horizon dns": 5640 hits >> >> >> If the document is about explaining terminology, it must explain "split >> dns" and can say another term for it is "split horizon dns", but not the >> other way around. >> >> I personally don't hear (or use) "split horizon dns" >> >> Paul >> >> >> _______________________________________________ >> DNSOP mailing list >> DNSOP@ietf.org >> https://www.ietf.org/mailman/listinfo/dnsop >> > > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > >
- [DNSOP] Terminology question: split DNS Paul Hoffman
- Re: [DNSOP] Terminology question: split DNS Paul Vixie
- Re: [DNSOP] Terminology question: split DNS Ted Lemon
- Re: [DNSOP] Terminology question: split DNS Jim Reid
- Re: [DNSOP] Terminology question: split DNS Artyom Gavrichenkov
- Re: [DNSOP] Terminology question: split DNS Bob Harold
- Re: [DNSOP] Terminology question: split DNS Artyom Gavrichenkov
- Re: [DNSOP] Terminology question: split DNS George Michaelson
- Re: [DNSOP] Terminology question: split DNS Artyom Gavrichenkov
- Re: [DNSOP] Terminology question: split DNS Paul Vixie
- Re: [DNSOP] Terminology question: split DNS Jim Reid
- Re: [DNSOP] Terminology question: split DNS Ted Lemon
- Re: [DNSOP] Terminology question: split DNS Robert Edmonds
- Re: [DNSOP] Terminology question: split DNS Paul Vixie
- Re: [DNSOP] Terminology question: split DNS George Michaelson
- Re: [DNSOP] Terminology question: split DNS Darcy Kevin (FCA)
- Re: [DNSOP] Terminology question: split DNS John Kristoff
- Re: [DNSOP] Terminology question: split DNS John Heidemann
- Re: [DNSOP] Terminology question: split DNS Paul Wouters
- Re: [DNSOP] Terminology question: split DNS Michael Sinatra
- Re: [DNSOP] Terminology question: split DNS Steve Crocker
- Re: [DNSOP] Terminology question: split DNS Paul Vixie
- Re: [DNSOP] Terminology question: split DNS Dick Franks
- Re: [DNSOP] Terminology question: split DNS Evan Hunt
- Re: [DNSOP] Terminology question: split DNS Ted Lemon
- Re: [DNSOP] Terminology question: split DNS Andrew Sullivan
- Re: [DNSOP] Terminology question: split DNS Ted Lemon
- Re: [DNSOP] Terminology question: split DNS Matt Larson
- Re: [DNSOP] Terminology question: split DNS Ted Lemon
- Re: [DNSOP] Terminology question: split DNS Darcy Kevin (FCA)
- Re: [DNSOP] Terminology question: split DNS Matthew Pounsett
- Re: [DNSOP] Terminology question: split DNS Matthew Pounsett
- Re: [DNSOP] Terminology question: split DNS Artyom Gavrichenkov