At 14:22 +0200 6/15/10, <[email protected]> wrote:
https://datatracker.ietf.org/doc/draft-savolainen-mif-dns-server-selection/
Comments on the draft.
In general, I think that architecturally a host has to treat each
interface somewhat independently and then choose the interface to use
for a network event. That is, the host should not treat all the DNS
servers equally regardless of which interface they are serving.
You shouldn't choose to use an 802.11 connected DNS server to direct
packets on your wired LAN if the latter also has a DNS server. I am
reacting to this section:
3. DNS server selection procedure
The list of servers should be per interface. Each interface can be
contacted for its best way to reach the remote end, and the
interface that's best ought to be chosen and the DNS server that is
selected has to be one on that interface.
DISCUSS: Even more known problem scenarios caused by split DNS
for multi-homed hosts?
An indirect reaction. Multihoming isn't a problem for the DNS; it's
a problem for forwarding on the multihomed host. There are good
reasons to multihome, but that's a situation unique to those hosts -
and the multihomed machine has better situational awareness of its
topology than any other device.
DISCUSS: What about those DNS servers that instead of
negative answer always return positive reply with an IP address of
some default HTTP server, whose purpose is just to say 'authenticate'
or 'page not found'? Maybe DNSSEC would help here, i.e. roll through
DNS servers until one provides a response that can be validated?
This issue is orthogonal to multihoming.
DISCUSS: When DNSSEC is used, in
split-DNS case it is probably possible to have authoritative answers
for both existence and non-existence of a record, depending on the
interface the question is sent on?
Yep. I think this is common. I've seen machines that straddle the
firewall boundary that will be getting the organization-internal zone
on one interface and the organization-external zone on the other.
The internal one usually has more hosts listed, hosts that are not
visible externally.
This straddling is not the same as having multiple-media interfaces
as mentioned elsewhere. When straddling a boundary, names will be
different by design. When considering different media (wireless vs.
wired) it could be both are supposed to be open to the internet and
hence have the same names.
Finally I'd refer this problem to the issue of: once you have a pool
of addresses for the desired endpoint, which do you choose? The DNS
can't help there; it doesn't know routing. Similarly, the DNS can't
distinguish a multi-homed host from two hosts at different IP
addresses, so it's up to the host to deal with it.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Discussing IPv4 address policy is like deciding what to eat on the Titanic.
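The per-interface selection the message argues for, sketched as an added example (not code from the draft or from the author): resolver lists are kept per interface, the interface with the best route to the remote end is chosen first, and only a resolver learned on that interface may be used. The interface names, routes and resolver addresses are constructed sample values.

```python
# Per-interface DNS server selection: keep resolvers per interface, pick the
# interface with the best route to the remote end, use only its resolvers.
import ipaddress
from dataclasses import dataclass


@dataclass
class Interface:
    name: str
    routes: list        # (network, metric) pairs: constructed sample routing entries
    dns_servers: list   # resolver addresses learned on this interface (e.g. via DHCP/RA)


def best_interface(interfaces, remote):
    """Longest-prefix match over every interface's routes; lower metric wins ties."""
    dest = ipaddress.ip_address(remote)
    best_key, best_iface = None, None
    for iface in interfaces:
        for net, metric in iface.routes:
            if net.version != dest.version or dest not in net:
                continue
            key = (net.prefixlen, -metric)
            if best_key is None or key > best_key:
                best_key, best_iface = key, iface
    return best_iface


def select_dns_server(interfaces, remote):
    """Return (interface name, resolver) for traffic towards `remote`, or None."""
    iface = best_interface(interfaces, remote)
    if iface is None or not iface.dns_servers:
        return None
    dest = ipaddress.ip_address(remote)
    # Prefer a resolver of the same address family as the remote end.
    same_family = [s for s in iface.dns_servers
                   if ipaddress.ip_address(s).version == dest.version]
    return iface.name, (same_family or iface.dns_servers)[0]


def resolver_allowed(interfaces, iface_name, server):
    """Reject a resolver that was learned on a different interface."""
    for iface in interfaces:
        if iface.name == iface_name:
            return server in iface.dns_servers
    return False


# Constructed sample host: wired LAN with its own resolver, Wi-Fi holding the default routes.
HOST = [
    Interface("eth0", [(ipaddress.ip_network("192.0.2.0/24"), 100)], ["192.0.2.1"]),
    Interface("wlan0", [(ipaddress.ip_network("0.0.0.0/0"), 600),
                        (ipaddress.ip_network("::/0"), 600)],
              ["198.51.100.53", "2001:db8::53"]),
]
```

For a wired-LAN destination such as 192.0.2.50 the wired resolver is chosen, while a destination reachable only via the default route gets the Wi-Fi resolver; `resolver_allowed` is the check that stops the Wi-Fi resolver from being used on the wired interface.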
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop