At 23:08 +0200 6/22/10, <[email protected]> wrote:
> The hospital that does surgery on my foot probably gives me those
> inserts as well.
What was unclear in the analogy is that the inserts are custom made,
from a prescription. So, no, the hospital would not likely have the
(same) inserts.
> Where does DNS protocol start? The application should remain clueless for
> sure, but once interface agnostic app calls gethostbyname() on multi-homed
> host, it would be good if the answer would be the desired one.
The "service API" for DNS is, when dumbed down, this - for a given
name and type, here is the data that corresponds. Internal to this
is how the data is found or determined - query redirection via CNAME,
DNAME, error handling due to UDP as a transport, referrals from one
authority to another, synthesis of the response from either "rote
memory" or rules for construction, and ultimately even the authority
server's choice.
> The core DNS protocol is unable to handle split-DNS.
Well, we need to define split DNS.
Still, I have had 3 employers since 1996 (I think) and all have used
DNS configurations that handed out different information based on
whether you were in the office or on the global public Internet.
From what I have observed, the core protocol is quite capable of
supporting "split-DNS".
The "theoretical" observation that got me to accept split-DNS was
that split-DNS appears to queries to be no different from rapidly
updating a zone. If you ask at t=0 for the address of a server and
get 192.0.2.3 and then another person asks the same question at t=10
and gets 192.0.2.125 - it is indistinguishable whether:
1) The zone was updated
1a) The zone wasn't fully propagated to all authoritative servers
2) The authority was instructed to hand out different answers to
different people
3) Before DNSSEC: There was a forgery
and probably a few other possible reasons.
About 1a - when a master issues a new zone, prior to NOTIFY and less
so with it, there is a chance that one slave would have an older
serial number than another. The protocol didn't have a problem
with this; there was no requirement to "lock" the authorities before
answering queries again, and so on.
I realize that that situation is not what you mean by split-DNS but
when looking at queries and responses, the situations are identical.
The difference you probably have in mind is visible when looking at
the intent and duration, etc., but that's invisible to the
query-response exchange. I know - I used to try to reverse-engineer
broken setups and ultimately realized it can't be done without
contacting the operator directly.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
The World Cup would be more fun if they didn't interrupt it with soccer games.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
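The indistinguishability argument in the message above (one query at t=0 answered 192.0.2.3, another at t=10 answered 192.0.2.125, with four possible causes behind it) modelled as an added example. This is not code from the DNSOP thread or its author. Everything in it is constructed: the query name, the 10.0.0.0/8 "office" prefix, the two client addresses, and an HMAC that stands in for a DNSSEC RRSIG so that case 3 can be checked. It goes one step beyond the post by showing the same exchange as a validating resolver sees it, which is the reason the post qualifies the forgery case with "Before DNSSEC".

```python
"""Wire-view model of the split-DNS argument from the DNSOP post.

Added example, not code from the thread or its author. All names, prefixes
and keys are constructed; 192.0.2.0/24 and 198.51.100.0/24 are RFC 5737
documentation ranges, and the HMAC is only a stand-in for an RRSIG.
"""
import hashlib
import hmac
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

NAME = "www.example.net."              # constructed query name
OLD, NEW = "192.0.2.3", "192.0.2.125"  # the two answers quoted in the post
INSIDE = ip_network("10.0.0.0/8")      # constructed "in the office" prefix
ZONE_KEY = b"constructed zone signing key"
ATTACKER_KEY = b"attacker does not hold the zone key"


def sign(key: bytes, name: str, rdata: str) -> str:
    """Stand-in for an RRSIG: a MAC over owner name, type and rdata."""
    return hmac.new(key, f"{name}|A|{rdata}".encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Response:
    rdata: str
    sig: str


# Each scenario is one of the post's explanations for seeing OLD at t=0 and
# NEW at t=10. All share the shape scenario(t, client_ip) -> Response.

def zone_updated(t: int, client: str) -> Response:
    # 1) the zone was changed at t=5 and every authority now serves the new data
    rdata = OLD if t < 5 else NEW
    return Response(rdata, sign(ZONE_KEY, NAME, rdata))


def lagging_slave(t: int, client: str) -> Response:
    # 1a) ns1 has loaded the new serial, ns2 has not; the resolver's server
    # choice alternates, so the t=0 query hits stale ns2 and the t=10 query ns1
    server = ("ns2", "ns1")[(t // 10) % 2]
    rdata = NEW if server == "ns1" else OLD
    return Response(rdata, sign(ZONE_KEY, NAME, rdata))


def split_horizon(t: int, client: str) -> Response:
    # 2) the authority is told to give inside clients a different, also signed, view
    rdata = NEW if ip_address(client) in INSIDE else OLD
    return Response(rdata, sign(ZONE_KEY, NAME, rdata))


def forgery(t: int, client: str) -> Response:
    # 3) a spoofer wins the race for the second query; it cannot sign as the zone
    if t == 0:
        return Response(OLD, sign(ZONE_KEY, NAME, OLD))
    return Response(NEW, sign(ATTACKER_KEY, NAME, NEW))


SCENARIOS = {
    "zone updated": zone_updated,
    "slave lagging": lagging_slave,
    "split horizon": split_horizon,
    "forgery": forgery,
}

# Constructed: one query from the public Internet at t=0, one from the office at t=10.
QUERIES = [(0, "198.51.100.7"), (10, "10.1.2.3")]


def wire_transcript(scenario, queries=QUERIES):
    """What a passive observer of queries and responses sees, signatures aside."""
    return [(t, c, NAME, scenario(t, c).rdata) for t, c in queries]


def wire_indistinguishable(scenarios=SCENARIOS, queries=QUERIES) -> bool:
    """True when every scenario produces identical query/response pairs."""
    return len({tuple(wire_transcript(fn, queries)) for fn in scenarios.values()}) == 1


def validated_transcript(scenario, queries=QUERIES):
    """The same exchange as seen by a validator holding the zone's key."""
    out = []
    for t, c in queries:
        r = scenario(t, c)
        ok = hmac.compare_digest(r.sig, sign(ZONE_KEY, NAME, r.rdata))
        out.append((t, r.rdata, ok))
    return out


def scenarios_rejected_by_validation(scenarios=SCENARIOS, queries=QUERIES):
    """Names of the scenarios in which some answer fails validation."""
    return sorted(name for name, fn in scenarios.items()
                  if not all(ok for _, _, ok in validated_transcript(fn, queries)))


if __name__ == "__main__":
    print("wire view identical across scenarios:", wire_indistinguishable())
    for name, fn in SCENARIOS.items():
        print(f"{name:14} {validated_transcript(fn)}")
    print("separable only by validation:", scenarios_rejected_by_validation())
```

Run it directly: the four causes produce byte-identical query/response pairs, which is the post's claim that a zone update, replication lag and a split-horizon policy cannot be told apart from the exchange alone. Validation separates out only the forgery; the other three remain indistinguishable until you ask the operator.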