This sounds a bit like the provisioning domain DNS problem. I felt that PvD was IPv4 think applied to DNS.
I strongly agree with your recommendation:

> Globally unique names do not equate to globally resolvable names or even
> global names that resolve the same way from every perspective. Globally
> unique names can prevent any possibility of collisions at present or in the
> future, and they make DNSSEC trust manageable. Consider using a registered
> and fully qualified domain name (FQDN) from global DNS as the root for
> enterprise and other internal namespaces.

Do a zone cut for cloud.example.net, put up some NS records for that, and then answer queries only when the question comes from authorized cloud providers.
The answer might well be ULAs that only work within the VPN, or RFC1918 even.

I wrote a document a while ago suggesting this:
https://datatracker.ietf.org/doc/html/draft-richardson-homenet-secret-gardens-01
but MIF shut down before I could take it anywhere.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
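One way the zone cut described in the message above could be configured, as an added example that is not part of the original message or of the cited draft. It assumes BIND 9 as the authoritative server; the ACL name, file name, host names under cloud.example.net and every address are constructed placeholders.

```conf
// named.conf fragment for the authoritative server that holds the
// cloud.example.net zone cut. All addresses are constructed placeholders.

// Resolvers used by the authorized cloud providers / VPN (assumed ranges).
acl cloud_resolvers {
    192.0.2.0/24;
    2001:db8:100::/48;
};

options {
    recursion no;              // authoritative only, never resolve for clients
    allow-query { any; };      // default for any other zones served here
};

zone "cloud.example.net" {
    type primary;
    file "db.cloud.example.net";
    // Answer only the authorized resolvers; any other source gets REFUSED.
    allow-query { cloud_resolvers; };
    allow-transfer { none; };  // do not leak internal names through AXFR
};

/*
 * Delegation placed in the public example.net zone (the zone cut).
 * The name is globally unique and delegated, but not globally resolvable:
 *
 *   cloud.example.net.      IN NS   ns1.cloud.example.net.
 *   ns1.cloud.example.net.  IN A    198.51.100.53        ; glue
 *
 * Sample data in db.cloud.example.net (SOA and NS records omitted here).
 * The answers are only usable inside the VPN:
 *
 *   app.cloud.example.net.  IN AAAA fd12:3456:789a::10   ; ULA
 *   db.cloud.example.net.   IN A    10.20.0.10           ; RFC 1918
 */
```

A query for `app.cloud.example.net` sent to this server from an address outside `cloud_resolvers` should come back with status REFUSED, while the same query from inside the ACL returns the ULA.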