Re: [DNSOP] Terminology question: split DNS

Dick Franks <> Mon, 19 March 2018 23:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 6D33412D7F7 for <>; Mon, 19 Mar 2018 16:29:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id t-BOrXs8gy_R for <>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 6312B12D7F4 for <>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
Received: by with SMTP id 139so105657wmn.2 for <>; Mon, 19 Mar 2018 16:29:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=oezDDIQWJScr5J5f/QFP/Ma2hu2XhFzWD/LygsDNDCM=; b=ExXH25kjy7fv+Lfpt46g+5bn0kpwKp+LouQbMuVUzTnf8208KwF+UJGpdBd2KkBfc3 CicImg/0cJWgRM0uL0q0Eb1vgSPYjFYzw7jlKf9F88VtbLkd5fsPhs4fT88TwxbacAaW w+jrN7Cw7GZoRWyRyInkQ4ZnGPE2yNnZ7rgI0SMMZ9qHeQex7vIzA/upHsSEFVYX9aRX uUX5aLHjroINEAqaD0rli7RInDfdOd8TQwyVbXeUs+ukAbwCLVw4mweOrB4Stadv4Zch oTXfjHIaYQJoG9n/CVh0OMBocGbV6fGf1eHriojDxKLsonWL9Wag30fL6WbUawk6cOsl LjUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=oezDDIQWJScr5J5f/QFP/Ma2hu2XhFzWD/LygsDNDCM=; b=P8naHUb4ATiYU8OAIqoCR6S91qLVVnTPuKv2pZT4JvqPVDvdhfUnfRyAB5W15vT1fv bzSonc7AQ3cjn/J5foBQB2pMWTRKTlxqsLzg10YoXbAF22zHH3eWjSxxK6iSzYBfKVIO vXQrxgKp25s0RGlbNViNaifsmiyAD/xzx7IXJpafozH7uLiujdccoJDgHlOHhreEuwoA d2eCBn2MCJMkOvFKAWGHpJoUEWxvCzy3iZlyo7MfuB339l17+GV5IBnX3XsvgOVx+Wmv iusDR+QSr6tsCD56KJkxLy+OAjQCns80HboXGJu1rhNlS2+DbI1F267AQoaKTM5rCPPa /ybA==
X-Gm-Message-State: AElRT7GfzyJxbmjUBzHqjH1fiWeHypMAQThn2Rfsz17N+D1+4+SUAVWR MWkZq32hIuIFlgTwWgHJo9wWoctpTkbj0iAgLjE=
X-Google-Smtp-Source: AG47ELsxDX9a/ddHZiYjnNnmLEhW3EH5vqEMwwOdcgTrFokI12HpAHE1znIrK5mhLJbogxrDcubEqVcTbgV5KmknHzA=
X-Received: by with SMTP id z128mr400261wme.86.1521502164879; Mon, 19 Mar 2018 16:29:24 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Mon, 19 Mar 2018 16:28:44 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <>
From: Dick Franks <>
Date: Mon, 19 Mar 2018 23:28:44 +0000
X-Google-Sender-Auth: SWVSvSyhdpIBqiRSEekkeqTXFA8
Message-ID: <>
To: Steve Crocker <>
Cc: dnsop <>
Content-Type: multipart/alternative; boundary="001a11411012100d2a0567cc5441"
Archived-At: <>
Subject: Re: [DNSOP] Terminology question: split DNS
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Mar 2018 23:29:28 -0000

On 19 March 2018 at 21:30, Steve Crocker <> wrote:

> I haven't been following the current thread but I have encountered this
> topic before and I have thought about the implications for DNSSEC.
> The terminology of "split DNS" -- and equivalently "split horizon DNS" --
> is, in my opinion, a bit limited.  It's not too hard to imagine further
> carve outs.  For me, the general case is at every point in the network,
> there is an external world and an internal world.  Let's say I am in charge
> of the systems that support a department within a division of a very large
> company.  I could imagine a department DNS that resolves names within the
> department but forwards other queries to the division DNS resolvers.

The simple distinction between "internal" and "external" does not begin to
describe the situation on the ground in the multi-national company that
used to employ me.

The only real "external" is the global internet.

Obviously, the local network, at subsidiary company, or in some cases
departmental level, is unambiguously "internal"

The operating subsidiaries were connected to a (corporate) national
network, and thence the international and global networks.

The DNS naming regime represented all these levels, including specifically,
a "view" of a subsidiary's (locally) maintained namespace visible from
other parts of the organisation.

The key ingredient that need to be captured in the description, is that
these are multiple "views" of a single database.  The view is a corporate
policy animal, and usually changes at a much lower rate than routine DNS
database maintenance.  This is a different proposition from selective

  They resolve names within the division and forward other queries to the
> company's resolvers.  The company's resolvers handle queries for names
> defined by the company and forward other queries to the outside.

To make this manageable, the corporate nameservers also need to delegate
parts of the namespace to the operating subsidiaries.

The concept of "horizon" seems (at least to me) to imply some limit beyond
which there is no visibility.

IMHO, the neutral concept of "view" describes the situation well enough to
be useful.

If we're going to tackle this problem, let's do it cleanly and completely.
> Steve
> On Mon, Mar 19, 2018 at 5:14 PM, Paul Wouters <> wrote:
>> On Mon, 19 Mar 2018, John Heidemann wrote:
>> +1 on "split-horizon dns" as the term, over "split dns" and some other
>>> neologism, on the basis of running code and existing documentation and
>>> existing wide use.
>> I and google disagree:
>> "split dns":  72900 hits
>> "split horizon dns": 5640 hits
>> If the document is about explaining terminology, it must explain "split
>> dns" and can say another term for it is "split horizon dns", but not the
>> other way around.
>> I personally don't hear (or use) "split horizon dns"
>> Paul
>> _______________________________________________
>> DNSOP mailing list
> _______________________________________________
> DNSOP mailing list