At 14:51 +0200 6/17/10, <[email protected]> wrote:
> Yes, but how to decide that?
That's a multi-homed device issue. Not a DNS issue. (This is a DNS mailing list.) I am sure you are more on top of multi-homed device issues than I so I'll stick to the DNS implications.
I think the importance of "DNS server selection" is overstated. The DNS server you use isn't that important - in fact DNS is supposed to hide what server is used. DNS is a client-cache-server protocol. The cache is essentially a broker for getting the authoritative answer. A client (stub) usually chooses a cache by policy and lets the "server" be selected via the broker's/cache's magic.
Perhaps the misunderstanding is that split DNS isn't designed to just give out different answers based on location but to give out answers that are optimized based on location, with the optimization function being some subjective thing. Optimized may mean better routing, network traffic engineering, or simply that the network is segmented and the host straddles what would be an air (or firewall) gap in it. It isn't the case that subnet 1 is told address A and subnet 2 is told address B arbitrarily. It may be the case that address A cannot be reached via the interface on subnet 2.
Unfortunately, split DNS isn't defined, so you can't be told how to deal with it in a standard manner ("isn't defined" within the IETF that is). ;)
> In addition, the host may have a corporate VPN active, which should be used only for corporate traffic, not for bulk Internet access. (But this is of course a policy-dependent issue; split tunnel may not be allowed.)
This remark is one that reminded me not to dive into the multi-homed aspect of this. You are certainly on top of the issue. I can sympathize - what you are facing is very similar to the problem with scoped addresses in IPv6, that is, site-local and uniquely global addresses. Knowing which to use is a hard thing; site-locals were removed from the IPv6 addressing plan.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar
You can leave a voice message at +1-571-434-5468

Discussing IPv4 address policy is like deciding what to eat on the Titanic.
