On Mon, Mar 19, 2018 at 6:05 PM, Bob Harold <rharo...@umich.edu> wrote:
> In practice this is done by using either different DNS servers (or
> processes), or multiple "views" in a DNS configuration.

Another issue here is that, for some enterprises at least, there's no
single "internal network" anymore. There are different network scopes
(_sometimes_ nested) ranging from "formally internal but treated as
almost external" to "air gap-separated DMZ", with different policies,
including different DNS policies.

My second thought (personally) is that there might be a reason to just
bury the "split DNS" definition whatsoever and to just define a
"multi-horizon DNS", where a "horizon" is defined by a company's
policy and _usually_ depends on the source IP address of a query
(there may be exceptions).

| Artyom Gavrichenkov
| gpg: 2deb 97b1 0a3c 151d b67f 1ee5 00e7 94bc 4d08 9191
| mailto: xima...@gmail.com
| fb: ximaera
| telegram: xima_era
| skype: xima_era
| tel. no: +7 916 515 49 58

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to