RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))

"Michel Py" <michel@arneill-py.sacramento.ca.us> Tue, 01 April 2003 01:56 UTC

Received: from ran.ietf.org (ran.ietf.org [10.27.6.60]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA06789; Mon, 31 Mar 2003 20:56:56 -0500 (EST)
Received: from majordomo by ran.ietf.org with local (Exim 4.10) id 190BBd-0004yR-00 for ietf-list@ran.ietf.org; Mon, 31 Mar 2003 21:07:41 -0500
Received: from odin.ietf.org ([10.27.2.28] helo=ietf.org) by ran.ietf.org with esmtp (Exim 4.10) id 190BBU-0004wP-00 for ietf@ran.ietf.org; Mon, 31 Mar 2003 21:07:32 -0500
Received: from SERVER2000.arneill-py.sacramento.ca.us (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id UAA06659 for <ietf@ietf.org>; Mon, 31 Mar 2003 20:51:04 -0500 (EST)
Content-class: urn:content-classes:message
Subject: RE: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 31 Mar 2003 17:53:29 -0800
Message-ID: <963621801C6D3E4A9CF454A1972AE8F504F70A@server2000.arneill-py.sacramento.ca.us>
X-MimeOLE: Produced By Microsoft Exchange V6.5.6803.0
Thread-Topic: Thinking differently about the site local problem (was: RE: site local addresses (was Re: Fw: Welcome to the InterNAT...))
Thread-Index: AcL3y38nglcPAnalTcWbcRc8hAcuWQAIbjAA
From: Michel Py <michel@arneill-py.sacramento.ca.us>
To: Margaret Wasserman <mrw@windriver.com>
Cc: ietf@ietf.org
Sender: owner-ietf@ietf.org
Precedence: bulk
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by ietf.org id UAA06789

Margaret,

> Margaret Wasserman wrote:
> (2) Institutionalizing the need for split DNS. I understand
> that some network administrators choose to use split DNS
> today, but that doesn't mean that we want to build a
> requirement for split DNS into the IPv6 architecture.

I don't think "Institutionalizing" is a good choice of words here. Split
DNS is not unique to site-local addresses; it's not even unique to
private addresses. I have seen several sites that have split DNS even
though they use public addresses only. Out of the 50-something distinct
sites that I administer, I think only one or two do not have split DNS.

> IMO, requiring the DNS infrastructure to be aware of and
> enforce topology boundaries is a poor architectural choice.

In theory, I agree, but the fact of the matter is that it already is
aware of the topology and I don't see this changing any time soon. Don't
get me wrong: I do not like split DNS, but I have seen it on sites that
have a single public address per host. There also are multitudes of Perl
scripts that parse custom zone files to make multiple different ones,
such as the very typical example below that will produce two sets of zone
files
(yes, I know it does include NAT, but keep in mind this is today's reality
too):

name inside_addr  outside_addr
www  192.168.1.2  209.233.126.65   # web server
ftp  192.168.1.3  209.233.126.65   # ftp server
sql  192.168.1.4  0.0.0.0
pop3 0.0.0.0      209.233.126.65

[parse with homebrew perl script]

zone file for inside DNS servers:
www  192.168.1.2  # web server
ftp  192.168.1.3  # ftp server
sql  192.168.1.4

zone file for outside DNS servers:
www  209.233.126.65   # web server
ftp  209.233.126.65   # ftp server
pop3 209.233.126.65

Again, I'm not saying this is good, but I don't think it will be introduced
or institutionalized with site-local addresses; it's been around for a
long time.

Michel.
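The "homebrew script" step in the message above, written out as an added example (in Python rather than Perl, and not code from the message's author or from any site he administers). It assumes the three-column table format shown in the message, with 0.0.0.0 meaning "no record in this view", and adds the check a defender wants before publishing the outside zone: that no RFC 1918 address from the inside view has leaked into it. The sample table is copied from the message and embedded inline.

```python
"""Split one source table into an inside and an outside zone fragment.

Input format (as in the message):
    name inside_addr outside_addr [# comment]
where 0.0.0.0 means "emit no record for this name in that view".
"""
import ipaddress

# Constructed sample input: the table from the message.
SAMPLE_TABLE = """\
name inside_addr  outside_addr
www  192.168.1.2  209.233.126.65   # web server
ftp  192.168.1.3  209.233.126.65   # ftp server
sql  192.168.1.4  0.0.0.0
pop3 0.0.0.0      209.233.126.65
"""

NO_RECORD = "0.0.0.0"  # sentinel meaning "absent from this view"


def parse_table(text):
    """Return a list of (name, inside, outside, comment) tuples.

    The header line and blank lines are skipped; anything after '#' is a
    comment. Malformed lines raise ValueError rather than silently
    producing a bad zone file.
    """
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line, _, comment = raw.partition("#")
        fields = line.split()
        if not fields or fields[0] == "name":  # blank or header line
            continue
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 columns, got {len(fields)}")
        name, inside, outside = fields
        for addr in (inside, outside):
            ipaddress.IPv4Address(addr)  # raises on anything that is not an IPv4 address
        rows.append((name, inside, outside, comment.strip()))
    return rows


def build_view(rows, view):
    """Render one zone fragment; view is 'inside' or 'outside'."""
    idx = 1 if view == "inside" else 2
    lines = []
    for name, *addrs, comment in rows:
        addr = addrs[idx - 1]
        if addr == NO_RECORD:
            continue  # this name has no record in this view
        line = f"{name:<4} {addr}"
        if comment:
            line += f"  # {comment}"
        lines.append(line)
    return "\n".join(lines) + "\n"


def check_no_private_leak(outside_zone):
    """Return the names whose outside record is an RFC 1918 (private) address.

    An empty list means the outside zone exposes no internal addressing;
    run this before the public zone is loaded on the outside servers.
    """
    leaked = []
    for line in outside_zone.splitlines():
        fields = line.split()
        if len(fields) >= 2 and ipaddress.IPv4Address(fields[1]).is_private:
            leaked.append(fields[0])
    return leaked


def split_zone(text):
    """Parse the table and return (inside_zone, outside_zone) as strings."""
    rows = parse_table(text)
    inside = build_view(rows, "inside")
    outside = build_view(rows, "outside")
    leaks = check_no_private_leak(outside)
    if leaks:
        raise ValueError("private addresses in outside zone: " + ", ".join(leaks))
    return inside, outside


if __name__ == "__main__":
    inside_zone, outside_zone = split_zone(SAMPLE_TABLE)
    print("zone file for inside DNS servers:\n" + inside_zone)
    print("zone file for outside DNS servers:\n" + outside_zone)
```

Run as a script it prints the two fragments shown in the message. The leak check is the part the Perl one-liners of the period usually lacked: a typo that puts an inside address in the outside column publishes internal topology to the world, and refusing to emit the zone is cheaper than finding out from a scan.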