I'm in this list to clarify if this technology proposal causes issues for DNS:) 
But if the problem is seen as a host issue, not DNS, then this probably does 
not cause harm?

So from DNS system point of view, do you see any issues if some networks would 
provide policies for some hosts to perform DNS server selection wisely, in 
deployments where split-DNS is causing problems or is desired? 

I guess split DNS means different things in different places.. sometimes it is 
just optimization, sometimes the IP address received from interface 1 is not 
reachable over interface 2, sometimes the service is different (depending on
whether a site is accessed from intranet/extranet).

Forbidding split-DNS probably is as possible as forbidding NATs:)

Best regards,

Teemu

> -----Original Message-----
> From: ext Edward Lewis [mailto:[email protected]]
> Sent: 17 June 2010 20:45
> To: Savolainen Teemu (Nokia-D/Tampere)
> Cc: [email protected]; [email protected]
> Subject: RE: comments on draft-savolainen-mif-dns-server-selection
> 
> At 14:51 +0200 6/17/10, <[email protected]> wrote:
> 
> >Yes, but how to decide that?
> 
> That's a multi-homed device issue.  Not a DNS issue.  (This is a DNS
> mailing list.)  I am sure you are more on top of multi-homed device
> issues than I so I'll stick to the DNS implications.
> 
> I think the importance of "DNS server selection" is overstated.  The
> DNS server you use isn't that important - in fact DNS is supposed to
> hide what server is used.  DNS is a client-cache-server protocol.
> The cache is essentially a broker for getting the authoritative
> answer.  A client (stub) usually chooses a cache by policy and lets
> the "server" be selected via the broker's/cache's magic.
> 
> Perhaps the misunderstanding is that split DNS isn't designed to just
> give out different answers based on location but give out answers
> that are optimized based on location, with the optimization function
> being some subjective thing.
> Optimized may mean better routing, network traffic engineering, or
> simply that the network is segmented and the host straddles what would
> be an air (or firewall) gap in it.  It isn't the case that subnet 1
> is told address A and subnet 2 is told address B arbitrarily.  It may
> be the case that address A cannot be reached via interface on subnet
> 2.
> 
> Unfortunately, split DNS isn't defined, so you can't be told how to
> deal with it in a standard manner ("isn't defined" within the IETF
> that is). ;)
> 
> >In addition, the host may have corporate VPN active, which should be used
> >only for corporate traffic, not for bulk Internet access. (But this is of
> >course policy dependent issue, split tunnel may not be allowed).
> 
> This remark is one that reminded me not to dive into the multi-homed
> aspect of this.  You are certainly on top of the issue.  I can
> sympathize - what you are facing is very similar to the problem with
> scoped addresses in IPv6, that is, site-local and uniquely global
> addresses.   Knowing which to use is a hard thing, site-locals were
> removed from the IPv6 addressing plan.
> 
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis
> NeuStar                    You can leave a voice message at +1-571-434-5468
> 
> Discussing IPv4 address policy is like deciding what to eat on the Titanic.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
