[dns-operations] split views? (was: Can't resolve NIH.GOV records)
Andrew Sullivan
ajs at shinkuro.com
Thu May 7 13:30:06 UTC 2009
On Thu, May 07, 2009 at 12:09:38AM -0700, Craig Leres wrote:
> I received a complaint that none our DLV servers can find the MX for
> extra.niddk.nih.gov.
[&c.]
This is really just an exhortation. Note in particular I don't want
to draw any conclusions about the case at hand.
We've now seen more than one example of reports like this, where
others are having a hard time reproducing the problem. Sometimes it's
just that the server in question doesn't allow recursion to others, so
it's hard to check (this is a Good Thing, and I wouldn't want to
change it). But in this case (and in at least one other I can think
of), the problem was a little more mysterious.
I'm wondering whether any of these cases (or possible future cases)
involve more than one view of the DNS. If so, it would be
tremendously helpful to know that, and even more helpful to know what
the eventual solution is. I have a feeling (but nothing more) that
split views are eventually going to be very painful with DNSSEC
because of some of the things people are doing with them. I have been
led to believe in the past that there are plenty of split views for
various .gov domains, so we may be starting to run into it.
Experience gained in this area would be invaluable to others. So if
you learn something about how DNSSEC and split views interact, it'd be
good to hear about it.
Best,
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the dns-operations
mailing list