Re: [DNSOP] Terminology question: split DNS

2018-03-21 Thread Artyom Gavrichenkov
On Mon, Mar 19, 2018 at 9:24 PM, Michael Sinatra wrote: > Rather than try for some physical demarcation like "firewall" or "network," > why don't we simply say "organizationally-defined perimeter" or "perimeter > defined by the organization," which leaves it vague enough to support the > "many pot

Re: [DNSOP] Terminology question: split DNS

2018-03-21 Thread Matthew Pounsett
On 20 March 2018 at 11:10, Ted Lemon wrote: > On Mar 20, 2018, at 3:05 PM, Matt Larson wrote: > > +1 to "split DNS", which has always been the term I've used and heard. I > completely agree that "split horizon" muddies the water by referring to a > routing concept that probably pre-dates widespr

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Matthew Pounsett
On 19 March 2018 at 17:24, Michael Sinatra wrote: > > Rather than try for some physical demarcation like "firewall" or > "network," why don't we simply say "organizationally-defined perimeter" or > "perimeter defined by the organization," which leaves it vague enough to > support the "many potent

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Darcy Kevin (FCA)
: Tuesday, March 20, 2018 5:05 AM To: Paul Wouters Cc: dnsop WG Subject: Re: [DNSOP] Terminology question: split DNS Yes, split horizon is the original term, which has experienced linguistic drift and is now just split DNS. I think there is a useful distinction to be made between the various

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Ted Lemon
On Mar 20, 2018, at 3:05 PM, Matt Larson wrote: > +1 to "split DNS", which has always been the term I've used and heard. I > completely agree that "split horizon" muddies the water by referring to a > routing concept that probably pre-dates widespread use of split DNS. The term "split horizon"

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Matt Larson
> On Mar 19, 2018, at 3:26 PM, Darcy Kevin (FCA) > wrote: > > The trouble with "split horizon" is that it is a term of inter-network > routing of much older and more-established provenance, and thus to use it for > DNS can be viewed as a usurpation, and ultimately, confusing. (I know Cricket

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Ted Lemon
I think split horizon is really specific to source address, but I agree with your clarification as it applies to views. Also agree that we should mention all variants. On Mar 20, 2018 13:52, "Andrew Sullivan" wrote: > On Mon, Mar 19, 2018 at 05:58:08PM +, Ted Lemon wrote: > > Where DNS ser

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Andrew Sullivan
On Mon, Mar 19, 2018 at 05:58:08PM +, Ted Lemon wrote: > Where DNS servers that are authoritative for a particular set of domains > provide partly or completely different answers in those domains depending > on the source of the query. The effect of this is that a domain name that > i

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Ted Lemon
Yes, split horizon is the original term, which has experienced linguistic drift and is now just split DNS. I think there is a useful distinction to be made between the various different ways that global names may have different meanings in different contexts. RFC 2826 talks about this a bit, and

Re: [DNSOP] Terminology question: split DNS

2018-03-20 Thread Evan Hunt
On Mon, Mar 19, 2018 at 05:58:08PM +, Ted Lemon wrote: > Yeah, that's a bit iffy. Homenet is another example of the same thing. > I would make it more generic, something like this: > > Where DNS servers that are authoritative for a particular set of domains > provide partly or completely

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Dick Franks
On 19 March 2018 at 21:30, Steve Crocker wrote: > I haven't been following the current thread but I have encountered this > topic before and I have thought about the implications for DNSSEC. > > The terminology of "split DNS" -- and equivalently "split horizon DNS" -- > is, in my opinion, a bit l

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Vixie
Steve Crocker wrote: I haven't been following the current thread but I have encountered this topic before and I have thought about the implications for DNSSEC. The terminology of "split DNS" -- and equivalently "split horizon DNS" -- is, in my opinion, a bit limited. It's not too hard to imag

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Steve Crocker
I haven't been following the current thread but I have encountered this topic before and I have thought about the implications for DNSSEC. The terminology of "split DNS" -- and equivalently "split horizon DNS" -- is, in my opinion, a bit limited. It's not too hard to imagine further carve outs.

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Michael Sinatra
On 3/19/18 11:14 AM, Jim Reid wrote: On 19 Mar 2018, at 18:09, Artyom Gavrichenkov wrote: Another issue here is that, for some enterprises at least, there's no single "internal network" anymore. We don't need to enumerate every potential split DNS scenario (or how it's implemented). The o

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Wouters
On Mon, 19 Mar 2018, John Heidemann wrote: +1 on "split-horizon dns" as the term, over "split dns" and some other neologism, on the basis of running code and existing documentation and existing wide use. I and google disagree: "split dns": 72900 hits "split horizon dns": 5640 hits If the d

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread John Heidemann
On Mon, 19 Mar 2018 11:33:12 -0700, Paul Vixie wrote: > > >Ted Lemon wrote: >> On Mar 19, 2018, at 6:10 PM, George Michaelson > > wrote: >>> "A DNS resolver which looks at the client requesting address, and uses >> >> That's a different thing. There's a distinction betwee

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread John Kristoff
On Mon, 19 Mar 2018 19:26:42 + "Darcy Kevin (FCA)" wrote: > How about just "disjoint DNS" or "non-synchronized DNS"? Or, to > hijack the Perl motto, TMTOWTRI (There's More Than One Way To Resolve > It :-) Coming up with new names though is less than ideal. The Microsoft community has used s

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Darcy Kevin (FCA)
19, 2018 1:55 PM To: Paul Hoffman Cc: dnsop Subject: Re: [DNSOP] Terminology question: split DNS Paul Hoffman wrote: > Some folks had reservations about the current definition of "split > DNS": "Where a corporate network serves up partly or completely > different DNS in

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread George Michaelson
The quality to me, which was there in abstract, is a port-53 bound daemon, which uses the client IP network or /32 to specify how it answers. Server, Resolver, these are distinct classes. I felt split-horizon was the moment of decision logic from "who asked" If anyone has actually bound it to "wh

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Vixie
Ted Lemon wrote: On Mar 19, 2018, at 6:10 PM, George Michaelson wrote: "A DNS resolver which looks at the client requesting address, and uses That's a different thing. There's a distinction between a resolver that gives different answers, and a set of authoritative

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Robert Edmonds
Artyom Gavrichenkov wrote: > On Mon, Mar 19, 2018 at 5:47 PM, Paul Hoffman wrote: > > [..] the basic point is that the > >correspondence between a given FQDN (fully qualified domain name) and a > >given IPv4 address is no longer universal and stable over long periods." > > IP v. being wha

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Ted Lemon
On Mar 19, 2018, at 6:10 PM, George Michaelson wrote: > "A DNS resolver which looks at the client requesting address, and uses That's a different thing. There's a distinction between a resolver that gives different answers, and a set of authoritative servers that give different answers. I be

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Jim Reid
> On 19 Mar 2018, at 18:09, Artyom Gavrichenkov wrote: > > Another issue here is that, for some enterprises at least, there's no > single "internal network" anymore. We don't need to enumerate every potential split DNS scenario (or how it's implemented). The original text says "there are many

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Vixie
Bob Harold wrote: I think the key part is: "different answers depending on the source of the query." In practice this is done by using either different DNS servers (or processes), or multiple "views" in a DNS configuration. (Is "view" in BIND called something else in other software?) bob hal

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Artyom Gavrichenkov
yeah, a simple example of such an exception is an anycast DNS network which doesn't even look at the source IP address, but just has completely different zones deployed in different points of presence. When a PoP goes down, the same IP address will be directed to another PoP and will start rece

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread George Michaelson
"A DNS resolver which looks at the client requesting address, and uses this to serve different versions of information about a zone based on which client address or prefix requests it." the concept of "side" is rather limited. split DNS can encompass more than two sides can't it? -George On Mon,

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Artyom Gavrichenkov
On Mon, Mar 19, 2018 at 6:05 PM, Bob Harold wrote: > In practice this is done by using either different DNS servers (or > processes), or multiple "views" in a DNS configuration. Another issue here is that, for some enterprises at least, there's no single "internal network" anymore. There are diff

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Bob Harold
On Mon, Mar 19, 2018 at 2:00 PM, Artyom Gavrichenkov wrote: > On Mon, Mar 19, 2018 at 5:47 PM, Paul Hoffman > wrote: > > [..] the basic point is that the > >correspondence between a given FQDN (fully qualified domain name) and > a > >given IPv4 address is no longer universal and stable o

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Artyom Gavrichenkov
On Mon, Mar 19, 2018 at 5:47 PM, Paul Hoffman wrote: > [..] the basic point is that the >correspondence between a given FQDN (fully qualified domain name) and a >given IPv4 address is no longer universal and stable over long periods." IP v. being whatever, 4 or 6, there's a bunch of reaso

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Ted Lemon
On Mar 19, 2018, at 5:47 PM, Paul Hoffman wrote: > Some folks had reservations about the current definition of "split DNS": > "Where a corporate network serves up partly or completely different DNS > inside and outside > its firewall. There are many possible variants on this; the basic point

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Jim Reid
> On 19 Mar 2018, at 17:47, Paul Hoffman wrote: > > Some folks had reservations about the current definition of "split DNS": > "Where a corporate network serves up partly or completely different DNS > inside and outside > its firewall. There are many possible variants on this; the basic po

Re: [DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Vixie
Paul Hoffman wrote: Some folks had reservations about the current definition of "split DNS": "Where a corporate network serves up partly or completely different DNS inside and outside its firewall. There are many possible variants on this; the basic point is that the correspondence between a gi

[DNSOP] Terminology question: split DNS

2018-03-19 Thread Paul Hoffman
Some folks had reservations about the current definition of "split DNS": "Where a corporate network serves up partly or completely different DNS inside and outside its firewall. There are many possible variants on this; the basic point is that the correspondence between a given FQDN (fu