RE: [DNSOP] Solicit feedback on the problems of DNS for Cloud Resources described by the draft-ietf-rtgwg-net2cloud-problem-statement
Morizot Timothy S <Timothy.S.Morizot@irs.gov> Thu, 13 February 2020 12:23 UTC
Return-Path: <Timothy.S.Morizot@irs.gov>
X-Original-To: rtgwg@ietfa.amsl.com
Delivered-To: rtgwg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C628120013; Thu, 13 Feb 2020 04:23:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=irs.gov
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J_wa240fEA64; Thu, 13 Feb 2020 04:23:28 -0800 (PST)
Received: from EMG5.irs.gov (emg5.irs.gov [IPv6:2610:30:4000:25::92]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8C64120058; Thu, 13 Feb 2020 04:23:27 -0800 (PST)
X-IronPort-AV: E=Sophos;i="5.70,436,1574139600"; d="scan'208,217";a="274893283"
Received: from unknown (HELO mtb0120img1.mcc.irs.gov) ([10.207.120.253]) by mtb0120emg5.mcc.irs.gov with ESMTP; 13 Feb 2020 07:23:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=irs.gov; l=52058; q=dns/txt; s=irs-20171230; t=1581596602; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; z=From:=20Morizot=20Timothy=20S=20<Timothy.S.Morizot@irs.g ov>|To:=20Linda=20Dunbar=20<linda.dunbar@futurewei.com>, =20Paul=20Vixie=20<paul@redbarn.org>,=0D=0A=09"dnsop@ietf .org"=20<dnsop@ietf.org>,=20Paul=20Ebersman=20<ebersman-i etf@dragon.net>|CC:=20RTGWG=20<rtgwg@ietf.org>|Subject: =20RE:=20[DNSOP]=20Solicit=20feedback=20on=20the=20proble ms=20of=20DNS=20for=20Cloud=0D=0A=20Resources=20described =20by=20the=20draft-ietf-rtgwg-net2cloud-problem-statemen t|Date:=20Thu,=2013=20Feb=202020=2012:23:21=20+0000 |Message-ID:=20<8d6030c122c94e98a63fbec8a7f32e3b@irs.gov> |References:=20<BN6PR1301MB2083B6F88FDE9A0A4EA2384985180@ BN6PR1301MB2083.namprd13.prod.outlook.com>=0D=0A=20<BN6PR 1301MB20839C511BDF230D79658BF485180@BN6PR1301MB2083.nampr d13.prod.outlook.com>=0D=0A=20<1698737.Wqn7rEUb4T@linux-9 daj>=20<31b15893bd0b4b2a871f4779331c99d6@irs.gov>=0D=0A =20<MWHPR1301MB20963F4BA7C3B157373174FD851B0@MWHPR1301MB2 096.namprd13.prod.outlook.com>|In-Reply-To:=20<MWHPR1301M B20963F4BA7C3B157373174FD851B0@MWHPR1301MB2096.namprd13.p rod.outlook.com>|MIME-Version:=201.0; bh=YU00ceGDJCAinlSTvTw+8oll65smzJYI1pWmHFmCMHg=; b=gNuPuZVVQGBjeMLfvin71g2ZyEfsgFHwZkRnJAumu5tlIY6aehCv4vbe f1IOiOx7LhMt/LcLXIL9x97D5dh/sDOoQHYSojGlm5WyvMq0k1jQsH43w 6yzp5Q0w9tbkd+0Ej3QADO2lezr6Ekf3o1ZvXJ08039nA/NEh29OeR5WP 3SrXJTTQsaa5GQyT+fdQGkOT3Wk4l06NlzUaOlwnFClw4owSh6GdHFcUu /hAhfGDzvsnbL5y5ghfoTSas55k7CFJbsRj23Z3LGEKYoSxPIlEbxq8RZ 79S4S47Ol589pzl5VzszVxLKGmTVKyZ72PYuceRkpPTW205g0sPMROYXr w==;
Received: from mtb0120ppexh030.ds.irsnet.gov ([10.207.136.81]) by mtb0120img1.mcc.irs.gov with ESMTP/TLS/AES256-GCM-SHA384; 13 Feb 2020 12:23:22 +0000
Received: from MTB0120PPEXH050.ds.irsnet.gov (10.207.136.83) by MTB0120PPEXH030.ds.irsnet.gov (10.207.136.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1847.3; Thu, 13 Feb 2020 07:23:21 -0500
Received: from MTB0120PPEXH050.ds.irsnet.gov ([fe80::9de0:134:e3b8:a42d]) by MTB0120PPEXH050.ds.irsnet.gov ([fe80::9de0:134:e3b8:a42d%15]) with mapi id 15.01.1847.003; Thu, 13 Feb 2020 07:23:21 -0500
From: Morizot Timothy S <Timothy.S.Morizot@irs.gov>
To: Linda Dunbar <linda.dunbar@futurewei.com>, Paul Vixie <paul@redbarn.org>, "dnsop@ietf.org" <dnsop@ietf.org>, Paul Ebersman <ebersman-ietf@dragon.net>
CC: RTGWG <rtgwg@ietf.org>
Subject: RE: [DNSOP] Solicit feedback on the problems of DNS for Cloud Resources described by the draft-ietf-rtgwg-net2cloud-problem-statement
Thread-Topic: [DNSOP] Solicit feedback on the problems of DNS for Cloud Resources described by the draft-ietf-rtgwg-net2cloud-problem-statement
Thread-Index: AdXhDgZ3FNT4wyuhTVyPeuEWPmJf/gAGVoPAABTPqoAACM4WMAAgvCAAABGFQBA=
Date: Thu, 13 Feb 2020 12:23:21 +0000
Message-ID: <8d6030c122c94e98a63fbec8a7f32e3b@irs.gov>
References: <BN6PR1301MB2083B6F88FDE9A0A4EA2384985180@BN6PR1301MB2083.namprd13.prod.outlook.com> <BN6PR1301MB20839C511BDF230D79658BF485180@BN6PR1301MB2083.namprd13.prod.outlook.com> <1698737.Wqn7rEUb4T@linux-9daj> <31b15893bd0b4b2a871f4779331c99d6@irs.gov> <MWHPR1301MB20963F4BA7C3B157373174FD851B0@MWHPR1301MB2096.namprd13.prod.outlook.com>
In-Reply-To: <MWHPR1301MB20963F4BA7C3B157373174FD851B0@MWHPR1301MB2096.namprd13.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.207.132.68]
Content-Type: multipart/alternative; boundary="_000_8d6030c122c94e98a63fbec8a7f32e3birsgov_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtgwg/gOAzHGot9jOxL-sLSI5-IrcLF70>
X-BeenThere: rtgwg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Routing Area Working Group <rtgwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtgwg/>
List-Post: <mailto:rtgwg@ietf.org>
List-Help: <mailto:rtgwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtgwg>, <mailto:rtgwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2020 12:23:31 -0000
Linda Dunbar wrote: >Thank you very much for suggesting using the Globally unique domain name and having subdomains not resolvable outside the organization. >I took some of your wording into the section. Please let us know if the description can be improved. Thanks. I think that covers a reasonable approach to avoid collisions and ensure resolution and validation occur as desired by the organization with administrative control over the domains used. I realized I accidentally omitted a 'when' that makes the last sentence scan properly. In the process, I noticed what looked like a couple of other minor edits that could improve readability. I did not see any substantive issues with the revised text but did include those minor proposed edits below. Scott 3.4. DNS for Cloud Resources DNS name resolution is essential for on-premises and cloud-based resources. For customers with hybrid workloads, which include on-premises and cloud-based resources, extra steps are necessary to configure DNS to work seamlessly across both environments. Cloud operators have their own DNS to resolve resources within their Cloud DCs and to well-known public domains. Cloud's DNS can be configured to forward queries to customer managed authoritative DNS servers hosted on-premises, and to respond to DNS queries forwarded by on-premises DNS servers. For enterprises utilizing Cloud services by different cloud operators, it is necessary to establish policies and rules on how/where to forward DNS queries. When applications in one Cloud need to communicate with applications hosted in another Cloud, there could be DNS queries from one Cloud DC being forwarded to the enterprise's on premise DNS, which in turn can be forwarded to the DNS service in another Cloud. Needless to say, configuration can be complex depending on the application communication patterns. However, even with carefully managed policies and configurations, collisions can still occur. If you use an internal name like .cloud and then want your services to be available via or within some other cloud provider which also uses .cloud, then it can't work. Therefore, it is better to use the global domain name even when an organization does not make all its namespace globally resolvable. An organization's globally unique DNS can include subdomains that cannot be resolved at all outside certain restricted paths, zones that resolve differently based on the origin of the query and zones that resolve the same globally for all queries from any source. Globally unique names do not equate to globally resolvable names or even global names that resolve the same way from every perspective. Globally unique names do prevent any possibility of collision at the present or in the future and they make DNSSEC trust manageable. It's not as if there is or even could be some sort of shortage in available names that can be used, especially when subdomains and the ability to delegate administrative boundaries are considered.
- Solicit feedback on the problems of DNS for Cloud… Linda Dunbar
- Re: [dnssd] Solicit feedback on the problems of D… David Schinazi
- Solicit feedback on the problems of DNS for Cloud… Linda Dunbar
- RE: [DNSOP] Solicit feedback on the problems of D… Linda Dunbar
- RE: [DNSOP] Solicit feedback on the problems of D… Linda Dunbar
- Re: [DNSOP] Solicit feedback on the problems of D… Paul Vixie
- RE: [DNSOP] Solicit feedback on the problems of D… Morizot Timothy S
- RE: [DNSOP] Solicit feedback on the problems of D… Linda Dunbar
- Re: [DNSOP] Solicit feedback on the problems of D… Scott Morizot
- RE: [DNSOP] Solicit feedback on the problems of D… Linda Dunbar