Michael, 

See below some questions to your suggestions:

Thank you
Linda
-----Original Message-----
From: Michael Richardson <mcr+i...@sandelman.ca> 
Sent: Wednesday, January 25, 2023 1:18 PM
To: Linda Dunbar <linda.dun...@futurewei.com>
Cc: rt...@ietf.org; dnsop@ietf.org; dn...@ietf.org
Subject: Re: [dnssd] Solicit feedback for the DNS behavior for workloads hosted 
in Cloud DCs described in draft-ietf-rtgwg-net2cloud-problem-statement


This sounds a bit like the provisioning domain DNS problem.
I felt that PvD was IPv4 think applied to DNS.
[Linda] What does PvD mean?

I strongly agree with your recommendation:

> Globally unique names do not equate to globally resolvable names or 
> even global names that resolve the same way from every perspective. 
> Globally unique names can prevent any possibility of collisions at 
> present or in the future, and they make DNSSEC trust manageable. 
> Consider using a registered and fully qualified domain name (FQDN) 
> from global DNS as the root for enterprise and other internal namespaces.

Do a zone cut for cloud.example.net, put up some NS records for that, and then 
answer queries only when the question comes from authorized cloud providers.
The answer might well be ULAs that only work within the VPN, or RFC1918 even.

[Linda] Do we need to add something to the draft to reflect what you said here? 

I wrote a document a while ago suggesting this:
https://datatracker.ietf.org/doc/html/draft-richardson-homenet-secret-gardens-01
but MIF shut down before I could take it anywhere.
[Linda] I finally read through the draft. Do you mean we should include "Split 
Horizon DNS" in the draft? Or do you have some good wording to add? 

Thank you very much, 
Linda



--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
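
The zone-cut suggestion in the message above (answer for cloud.example.net only when the question comes from an authorized cloud provider, possibly with ULA or RFC 1918 addresses) can be modelled as a small policy function. This is an added example, not code from the thread or from either draft; the source prefixes, record data and the choice of REFUSED for unauthorized sources are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: the zone cut, authorized resolver prefixes
# (documentation ranges standing in for cloud providers), internal records.
ZONE = "cloud.example.net."
AUTHORIZED_SOURCES = [ipaddress.ip_network(n)
                      for n in ("192.0.2.0/24", "2001:db8:c10d::/48")]
RECORDS = {
    ("app1.cloud.example.net.", "AAAA"): ["fd12:3456:789a::10"],  # ULA
    ("app1.cloud.example.net.", "A"): ["10.20.0.10"],             # RFC 1918
}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("fc00::/7", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def normalize(qname):
    """Lower-case the name and make it fully qualified."""
    return qname.lower().rstrip(".") + "."

def in_zone(qname):
    """True if qname is at or below the zone cut (label-aligned match)."""
    q = normalize(qname)
    return q == ZONE or q.endswith("." + ZONE)

def is_authorized(src):
    """True if the query source falls inside an authorized prefix."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in AUTHORIZED_SOURCES)

def is_internal_only(rdata):
    """True if every address is ULA or RFC 1918, i.e. usable only in the VPN."""
    addrs = [ipaddress.ip_address(r) for r in rdata]
    return all(any(a.version == n.version and a in n for n in INTERNAL_NETS)
               for a in addrs)

def answer(src, qname, qtype):
    """Return (rcode, rdata) as the server for the delegated zone would."""
    if not in_zone(qname) or not is_authorized(src):
        return ("REFUSED", [])   # globally unique name, not globally resolvable
    q = normalize(qname)
    rdata = RECORDS.get((q, qtype.upper()))
    if rdata is not None:
        return ("NOERROR", rdata)
    if q == ZONE or any(name == q for name, _ in RECORDS):
        return ("NOERROR", [])   # NODATA: name exists, no record of this type
    return ("NXDOMAIN", [])
```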
