On Mar 19, 2018, at 5:47 PM, Paul Hoffman <paul.hoff...@vpnc.org> wrote:
> Some folks had reservations about the current definition of "split DNS":
> "Where a corporate network serves up partly or completely different DNS
> inside and outside its firewall. There are many possible variants on this;
> the basic point is that the correspondence between a given FQDN (fully
> qualified domain name) and a given IPv4 address is no longer universal and
> stable over long periods."
> (Quoted from <xref target="RFC2775"/>, Section 3.8)

Yeah, that's a bit iffy. Homenet is another example of the same thing. I would make it more generic, something like this:

Where DNS servers that are authoritative for a particular set of domains provide partly or completely different answers in those domains depending on the source of the query. The effect of this is that a domain name that is notionally globally unique nevertheless has different meanings for different network users.

This is probably not exactly right, but it gets rid of several problems with the old text. I think the reference to "corporate" is bogus, and the reference to "IPv4" is also bogus, and also incomplete, since split horizon can affect any record, not just address records.

It could be usefully clarified by adding something along the lines of, "for example, RFC2775 mentions ..." and then include some or all of the old text.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop