Interim on Split-DNS joint with DPRIVE-DNSOP-ADD

Meeting Agenda Adaptive DNS Discovery (add) WG
Date and time 2022-01-26 17:00
State Active
Last updated 2022-01-21


January 26, 2022 Joint Interim on Split-DNS ADD-DNSOP-DPRIVE

This is a joint interim of the DNSOP, DPRIVE, and ADD groups on the topic of Resolver Discovery in Split DNS environments.

Meeting Materials, Links

Materials, Charter, Documents

  • DNSOP Chairs: Benno Overeinder, Suzanne Woolf, Tim Wicinski
  • DPRIVE Chairs: Brian Haberman, Tim Wicinski
  • ADD Chairs: David Lawrence, Glenn Deen
  • Area Directors: Warren Kumari, Eric Vyncke

Interim Session times

  • January 26, 2022, 1700-1830 UTC
Notes on this session:

  • Split DNS is widely deployed operationally, and its users want a mechanism to discover the relevant DoH and DoT resolvers so that they can make use of encrypted DNS.
  • This is not organized as a referendum on Split DNS, nor a workshop on how to end the practice.

1. Background on this Discovery for Split DNS discussion

  • Split DNS in this context means: networks having different internal/external name mappings in their DNS name space.
  • ADD WG has expressed consensus to work on the problem of DoH/DoT discovery in Split DNS environments.
  • ADD WG has not yet reached clear consensus on how to address Split DNS discovery.
  • Issues outside of ADD's charter scope have been expressed as concerns, including: (1) Validation of resolvers' authority; (2) Validation of answers; (3) Potential role of DNSSEC
  • ADD WG has adopted drafts on discovery in non-Split DNS environments, which are nearing WG Last Call:
    (1) Discovery of Designated Resolvers;
    (2) DHCP and Router Advertisement Options for the Discovery of Network-designated Resolvers (DNR)

2. Acknowledging Split DNS is widely deployed and likely here to stay, what is needed for discovery?

2.1 Presentation: Proposed approaches on a few issues - Ben Schwartz et al. (20 minutes + discussion)

  • Some items:
  • Restricting the scope of discovery to resolvers of split-horizon DNS names that are properly rooted in the global DNS.
  • Clarification of terminology for: (1) hybrid resolver/client; (2) authorized split horizon; (3) domain camping
  • Using DNSSEC to confirm authority over the split-horizon domains

2.2 Open Mic Line: Discussion on what is important in scoping the discovery requirements

  • Seed issues:
  • Is validation of resolvers' authority to answer queries for domains needed?
  • Is answer validation needed for domains resolved in Split DNS environments?
  • DNSSEC is generally not used for the non-global names in Do53 Split DNS environments, so why would it be different for Encrypted DNS?

2.3 Other considerations?

  • Are there past IETF I-Ds/RFCs that need to be referenced?
  • Question to group: Is there related work external to the IETF to be considered?

3.0 Other Discussion Topics

  • From Mic Line

4.0 Planning & Wrap up

  • 5 min - Wrap up

[agenda end]