On 19 March 2018 at 21:30, Steve Crocker <st...@shinkuro.com> wrote:

> I haven't been following the current thread but I have encountered this
> topic before and I have thought about the implications for DNSSEC.
>
> The terminology of "split DNS" -- and equivalently "split horizon DNS" --
> is, in my opinion, a bit limited.  It's not too hard to imagine further
> carve outs.  For me, the general case is at every point in the network,
> there is an external world and an internal world.  Let's say I am in charge
> of the systems that support a department within a division of a very large
> company.  I could imagine a department DNS that resolves names within the
> department but forwards other queries to the division DNS resolvers.
>

The simple distinction between "internal" and "external" does not begin to
describe the situation on the ground in the multi-national company that
used to employ me.

The only real "external" is the global internet.

Obviously, the local network, at subsidiary company, or in some cases
departmental level, is unambiguously "internal".

The operating subsidiaries were connected to a (corporate) national
network, and thence the international and global networks.

The DNS naming regime represented all these levels, including specifically,
a "view" of a subsidiary's (locally) maintained namespace visible from
other parts of the organisation.

The key ingredient that needs to be captured in the description is that
these are multiple "views" of a single database.  The view is a corporate
policy animal, and usually changes at a much lower rate than routine DNS
database maintenance.  This is a different proposition from selective
forwarding.


> They resolve names within the division and forward other queries to the
> company's resolvers.  The company's resolvers handle queries for names
> defined by the company and forward other queries to the outside.
>

To make this manageable, the corporate nameservers also need to delegate
parts of the namespace to the operating subsidiaries.

The concept of "horizon" seems (at least to me) to imply some limit beyond
which there is no visibility.

IMHO, the neutral concept of "view" describes the situation well enough to
be useful.


> If we're going to tackle this problem, let's do it cleanly and completely.
>
> Steve
>
>
> On Mon, Mar 19, 2018 at 5:14 PM, Paul Wouters <p...@nohats.ca> wrote:
>
>> On Mon, 19 Mar 2018, John Heidemann wrote:
>>
>>> +1 on "split-horizon dns" as the term, over "split dns" and some other
>>> neologism, on the basis of running code and existing documentation and
>>> existing wide use.
>>>
>>
>> I and Google disagree:
>>
>> "split dns":  72900 hits
>> "split horizon dns": 5640 hits
>>
>>
>> If the document is about explaining terminology, it must explain "split
>> dns" and can say another term for it is "split horizon dns", but not the
>> other way around.
>>
>> I personally don't hear (or use) "split horizon dns".
>>
>> Paul
>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>>
>
>