DNSSEC versus multiple views
John Wobus
jw354 at cornell.edu
Tue May 31 18:11:46 UTC 2011
What problems do sites have that deploy both multiple views and
DNSSEC?
I read the "Split-View DNSSEC Operation Practices" draft, which
outlines a number of set-ups, generally citing disadvantages in the
area of administration, troubleshooting, and added complexity. But
it says these set-ups are workable.
Our site serves thousands of mobile users with many types of consumer
mobile devices used onsite and elsewhere. Our site also has
independent departments running their own caching servers. Both
these make me nervous. I could imagine a future where mobile devices
both cache and validate DNS and could imagine the combination of
multiple views and DNSSEC creating problems for them. Perhaps
future end-user caching/validation procedures will be driven by the
existence of multiple-views/DNSSEC sites.
All this is from reading and thinking. Can anyone tell me about
real-world problem cases?
John Wobus
Cornell University
More information about the bind-users
mailing list