On Mar 11, 2012, at 1:27 PM 3/11/12, Jim Gettys wrote:

> On 03/11/2012 01:25 PM, Ralph Droms wrote:
>> Suppose that view is on a per-device basis rather than per server?
>> 
>> With something like environment variables in front of "classic" DNS 
>> resolution in the host resolver...
> 
> What's the use case for such complexity?  Otherwise, my answer is KISS...

I think a device will want multiple views...
* network it's currently attached to
* "home" network it's usually attached to
* (OK, so it's Sunday afternoon; I'm busy with other stuff and ran out of other 
contexts.  Anyone?  Bueller?)

...and avoid split views in the DNS itself and avoid all the questions about 
what gets published where.

- Ralph


>                    - Jim
> 
> 
>> 
>> - Ralph
>> 
>> On Mar 11, 2012, at 11:43 AM 3/11/12, Jim Gettys wrote:
>> 
>>> On 03/11/2012 11:25 AM, Ted Lemon wrote:
>>>> On Mar 11, 2012, at 11:03 AM, Jim Gettys wrote:
>>>>> I think there is an interesting question of whether interior *names*
>>>>> should be automatically published into the global DNS by default or
>>>>> not,  which will depend on the security of the devices and systems and
>>>>> the users' expertise, if only to make it a bit harder for attackers to
>>>>> discover interior systems to attack (since with IPv6 finding them by
>>>>> brute force address space search is relatively hard).
>>>> Doesn't making the zone non-enumerable and disabling zone transfers
>>>> address this problem?   I guess you could still do a dictionary attack
>>>> on the zone and decrease the cost of the search somewhat in the usual
>>>> case, but it's a pretty sketchy way to try to start an attack.  
>>>> Having said that, I think it's probably fine to disable propagation of
>>>> the zone by default, except that then we have to figure out what to
>>>> name the non-propagated zone, and how to deal with the transition from
>>>> non-propagated to propagated.
>>>> 
>>> Had been thinking more along the line of the multiple "view" stuff in
>>> bind; there would be/is already a public view, and then a private view
>>> only visible internally.
>>>                       - Jim
>>> 
> 

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
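
The public and private views mentioned in the thread, together with disabled zone transfers, as an added example that is not part of the original messages: a BIND 9 `named.conf` fragment. The zone name `home.example`, the address prefixes and the file paths are constructed placeholders.

```conf
// named.conf fragment (BIND 9), added example.
// Zone name, prefixes and file paths below are constructed placeholders.

acl "homenet" {
    127.0.0.1;
    ::1;
    192.168.1.0/24;      // placeholder interior IPv4 prefix
    2001:db8:1::/48;     // placeholder interior IPv6 prefix (documentation range)
};

options {
    directory "/var/named";
    allow-transfer { none; };   // refuse zone transfers unless a zone overrides this
};

// Views are evaluated in order; the first whose match-clients
// matches the query source answers the query.
view "internal" {
    match-clients { "homenet"; };
    recursion yes;
    zone "home.example" {
        type master;
        file "internal/home.example.zone";   // every interior host name
    };
};

view "public" {
    match-clients { any; };
    recursion no;                            // authoritative answers only for outside clients
    zone "home.example" {
        type master;
        file "public/home.example.zone";     // only names meant to be published globally
        allow-transfer { none; };            // explicit: no AXFR of the public copy either
    };
};
```

Interior names that appear only in the internal zone file return NXDOMAIN to outside clients, which is the "what gets published where" bookkeeping the thread refers to: two zone files for one name must be kept consistent by hand or by tooling.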
