[dns-operations] Can't resolve NIH.GOV records

Michael Sinatra michael at rancid.berkeley.edu
Thu May 7 20:47:20 UTC 2009

On 5/7/09 1:42 PM, Andrew Sullivan wrote:
> On Thu, May 07, 2009 at 01:36:57PM -0700, Michael Sinatra wrote:
>> In answer to Andrew's question, UC Berkeley does not use views.  
> Thanks for the response.  Of course, if there were a "public" view of
> example.gov and a "other-federal-network-only" view of example.gov,
> you could see no problems inside example.gov and yet those on
> government networks might still have a problem.  It's that sort of
> difference I'm expecting to stumble over during deployment.  (I don't
> know if this point was clear in what I posted earlier.  If not, my
> apologies, but I hope it's plainer now.)

This could also be an issue if one's caching resolvers loaded zones for 
"example.gov" and there were a signing problem with that zone--others 
would see it and the people loading the zone wouldn't.  However, I agree 
that the views issue has the potential to have a much more significant 
impact, especially if it's implemented as a federal agency vs. 
non-federal agency split.  (Yes your point is clear now--thanks.)


More information about the dns-operations mailing list