[dns-operations] Can't resolve NIH.GOV records
Michael Sinatra
michael at rancid.berkeley.edu
Thu May 7 20:47:20 UTC 2009
On 5/7/09 1:42 PM, Andrew Sullivan wrote:
> On Thu, May 07, 2009 at 01:36:57PM -0700, Michael Sinatra wrote:
>
>> In answer to Andrew's question, UC Berkeley does not use views.
>
> Thanks for the response. Of course, if there were a "public" view of
> example.gov and a "other-federal-network-only" view of example.gov,
> you could see no problems inside example.gov and yet those on
> government networks might still have a problem. It's that sort of
> difference I'm expecting to stumble over during deployment. (I don't
> know if this point was clear in what I posted earlier. If not, my
> apologies, but I hope it's plainer now.)
This could also be an issue if one's caching resolvers loaded zones for
"example.gov" and there were a signing problem with that zone--others
would see it and the people loading the zone wouldn't. However, I agree
that the views issue has the potential to have a much more significant
impact, especially if it's implemented as a federal agency vs.
non-federal agency split. (Yes your point is clear now--thanks.)
michael
More information about the dns-operations
mailing list