Steve Crocker wrote:
I haven't been following the current thread but I have encountered this
topic before and I have thought about the implications for DNSSEC.
The terminology of "split DNS" -- and equivalently "split horizon DNS"
-- is, in my opinion, a bit limited. It's not too hard to imagine
further carve outs. For me, the general case is at every point in the
network, there is an external world and an internal world. ...
i think two things. probably more, but two that occur upon the above.
first, that general case is not described in detail in the documentation
of the Internet System. a brief overview is given in RFC 1918 (BCP 5),
in the last paragraph of section 5, but more is needed.
second, more specific cases exist, where configuration cognizance is
given to *several* external worlds AND *several* internal worlds.
bind9's "view" feature accounts for this, but the resulting capabilities
are very hard to describe in a general way.
see also: <http://family.redbarn.org/~vixie/proxynet.pdf>.
--
P Vixie
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
