There are basically two reasons to have split DNS:

1. to prevent unreachable/ambiguous addresses being used at the wrong time
2. to hide "internal" names

#1 can be addressed by minor changes to A/AAAA records to include scope information and then make getaddrinfo() scope aware. This would allow link-locals to be added to the DNS.

#2 is basically security theatre.

I'd love to be able to have something like this

    drugs.dv.isc.org. SA 192.168.191.236 dv.isc.org.
    drugs.dv.isc.org. SAAAA fd92:7065:b8e:0:214:22ff:fed9:fbdc dv.isc.org.
    drugs.dv.isc.org. SAAAA fe80::214:22ff:fed9:fbdc wired.dv.isc.org.
    drugs.dv.isc.org. SAAAA 2001:470:1f00:820:214:22ff:fed9:fbdc .

and only have hosts with scope wired.dv.isc.org see fe80::214:22ff:fed9:fbdc, while hosts of scope dv.isc.org would see fd92:7065:b8e:0:214:22ff:fed9:fbdc and 192.168.191.236, and everyone would see 2001:470:1f00:820:214:22ff:fed9:fbd.

RAs (and an equivalent mechanism for IPv4) would advertise scope names "wired.dv.isc.org", "dv.isc.org" and "." allowing getaddrinfo() to know which addresses to return and fill in appropriate scope information in sockaddr_in6.sin6_scope_id for fe80::214:22ff:fed9:fbdc.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
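The scope filtering described in the message above, as an added Python sketch that is not part of the original post. SA and SAAAA are the message's hypothetical record types; the `advertised` mapping from learned scope name to interface index, and dropping a link-local answer that has no interface index, are assumptions of this example.

```python
import ipaddress

# Constructed zone data using the message's proposed SA/SAAAA syntax:
# owner, type, address, scope name.
ZONE = """\
drugs.dv.isc.org. SA 192.168.191.236 dv.isc.org.
drugs.dv.isc.org. SAAAA fd92:7065:b8e:0:214:22ff:fed9:fbdc dv.isc.org.
drugs.dv.isc.org. SAAAA fe80::214:22ff:fed9:fbdc wired.dv.isc.org.
drugs.dv.isc.org. SAAAA 2001:470:1f00:820:214:22ff:fed9:fbdc .
"""

def norm(name):
    """Lower-case a DNS name and drop the trailing dot; the root stays '.'."""
    return name.lower().rstrip(".") or "."

def parse_zone(text):
    """Parse scoped records into (owner, address, scope) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[1] not in ("SA", "SAAAA"):
            continue
        owner, rtype, addr, scope = fields
        ip = ipaddress.ip_address(addr)
        if (rtype == "SA") != (ip.version == 4):
            raise ValueError(f"{rtype} record carries wrong address family: {addr}")
        records.append((norm(owner), ip, norm(scope)))
    return records

def scoped_lookup(name, records, advertised):
    """Return [(address, scope_id)] visible to a host.

    advertised maps each scope name the host learned to the index of the
    interface it was learned on (hypothetical model of the RA option).
    """
    learned = {norm(s): ifindex for s, ifindex in advertised.items()}
    learned.setdefault(".", 0)          # everyone sees root-scoped records
    out = []
    for owner, ip, scope in records:
        if owner != norm(name) or scope not in learned:
            continue
        scope_id = 0
        if ip.is_link_local:
            scope_id = learned[scope]
            if not scope_id:            # link-local without an interface is ambiguous
                continue
        out.append((str(ip), scope_id))
    return out

RECORDS = parse_zone(ZONE)
```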
