On Mon, Mar 19, 2018 at 6:05 PM, Bob Harold <rharo...@umich.edu> wrote: > In practice this is done by using either different DNS servers (or > processes), or multiple "views" in a DNS configuration.
Another issue here is that, for some enterprises at least, there's no single "internal network" anymore. There are different network scopes (_sometimes_ nested) ranging from "formally internal but treated as almost external" to "air gap-separated DMZ", with different policies, including different DNS policies. My second thought (personally) is that there might be a reason to just bury the "split DNS" definition whatsoever and to just define a "multi-horizon DNS", where a "horizon" is defined by a company's policy and _usually_ depends on the source IP address of a query (there may be exceptions). | Artyom Gavrichenkov | gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191 | mailto: xima...@gmail.com | fb: ximaera | telegram: xima_era | skype: xima_era | tel. no: +7 916 515 49 58 _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop