On Wed, 21 Nov 2018, Paul Wouters wrote:
I’m also not quite sure how this interacts with delegations. E.g:
example.com 600 IN NS ns01.internal.example
And then INTERNAL_DNS_DOMAIN(internal.example) — if the client runs a
local
recursive, does it need to send the query to ns01 though the VPN or not?
I added some text that clarifies dependencies:
Deployments that configure INTERNAL_DNS_DOMAIN domains should pay
close attention to their use of indirect reference RRtypes in their
internal-only domain names. Examples of such RRtypes are CNAME,
DNAME, MX or SRV records. For example, if the MX record for
"internal.example.com" points to "mx.internal.example.net", then both
"internal.example.com" and "internal.example.net" should be sent
using an INTERNAL_DNS_DOMAIN Configuration Payload.
Paul
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec