On Mar 11, 2012, at 1:27 PM 3/11/12, Jim Gettys wrote: > On 03/11/2012 01:25 PM, Ralph Droms wrote: >> Suppose that view is on a per-device basis rather than per server? >> >> With something like environment variables in front of "classic" DNS >> resolution in the host resolver... > > What's the use case for such complexity? Otherwise, my answer is KISS...
I think a device will want multiple views... * network it's currently attached to * "home" network it's usually attached to * (OK, so it's Sunday afternoon; I'm busy with other stuff and ran out of other contexts. Anyone? Buehler?) ...and avoid split views in the DNS itself and avoid all the questions about what gets published where. - Ralph > - Jim > > >> >> - Ralph >> >> On Mar 11, 2012, at 11:43 AM 3/11/12, Jim Gettys wrote: >> >>> On 03/11/2012 11:25 AM, Ted Lemon wrote: >>>> On Mar 11, 2012, at 11:03 AM, Jim Gettys <[email protected] >>>> <mailto:[email protected]>> wrote: >>>>> I think there is an interesting question of whether interior *names* >>>>> should be automatically published into the global DNS by default or >>>>> not, which will depend on the security of the devices and systems and >>>>> the users' expertise, if only to make it a bit harder for attackers to >>>>> discover interior systems to attack (since with IPv6 finding them by >>>>> brute force address space search is relatively hard). >>>> Doesn't making the zone non-enumerable and disabling zone transfers >>>> address this problem? I guess you could still do a dictionary attack >>>> on the zone and decrease the cost of the search somewhat in the usual >>>> case, but it's a pretty sketchy way to try to start an attack. >>>> Having said that, I think it's probably fine to disable propagation of >>>> the zone by default, except that then we have to figure out what to >>>> name the non-propagated zone, and how to deal with the transition from >>>> non-propagated to propagated. >>>> >>> Had been thinking more along the line of the multiple "view" stuff in >>> bind; there would be/is already a public view, and then a private view >>> only visible internally. >>> - Jim >>> > _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
