Margaret,
Margaret Wasserman wrote:
> (2) Institutionalizing the need for split DNS. I understand
> that some network administrators choose to use split DNS
> today, but that doesn't mean that we want to build a
> requirement for split DNS into the IPv6 architecture.
I don't think "Institutionalizing" is a good choice of words here. Split
DNS is not unique to site-local addresses, it's not even unique to
private addresses. I have seen several sites that have split DNS even
though they use public addresses only. Out of the 50 something distinct
sites that I administer, I think only one or two do not have split DNS.
> IMO, requiring the DNS infrastructure to be aware of and
> enforce topology boundaries is a poor architectural choice.
In theory, I agree but the fact of the matter is that it already is
aware of the topology and I don't see this changing any time soon. Don't
get me wrong: I do not like split DNS, but I have seen it on sites that
have a single public address per host. There also are multitudes of perl
scripts that parse custom zone files to make multiple different ones,
such as the very typical example below that will produce 2 sets of zone
files:
(yes I know it does include NAT but keep in mind this is today's reality
too).
name   inside_addr   outside_addr
www    192.168.1.2   209.233.126.65   # web server
ftp    192.168.1.3   209.233.126.65   # ftp server
sql    192.168.1.4   0.0.0.0
pop3   0.0.0.0       209.233.126.65
[parse with homebrew perl script]
zone file for inside DNS servers:
www    192.168.1.2      # web server
ftp    192.168.1.3      # ftp server
sql    192.168.1.4
zone file for outside DNS servers:
www    209.233.126.65   # web server
ftp    209.233.126.65   # ftp server
pop3   209.233.126.65
Again I'm not saying this is good, but I don't think it will be introduced
or institutionalized with site-local addresses; it's been around for a
long time.
Michel.
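The step the post leaves as "[parse with homebrew perl script]" is the kind of script in question. What follows is an added example, not from the thread or from any site's tooling, written in Python rather than Perl: it reads a combined name/inside/outside table of the shape shown above, emits the two views, and adds the check an operator wants before publishing the outside file, namely that no RFC 1918 address ends up in it. The input layout, the 0.0.0.0 "no record in this view" convention and the sample addresses are taken from the post; the `IN A` record form, the field names and the `leaked_private` check are my own assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the combined format described in the post:
# name, inside address, outside address; 0.0.0.0 means "no record in that view".
# Lines starting with ';' are comments; text after '#' on a record is a comment.
COMBINED_ZONE = """\
; constructed sample, not a real site
www  192.168.1.2  209.233.126.65  # web server
ftp  192.168.1.3  209.233.126.65  # ftp server
sql  192.168.1.4  0.0.0.0
pop3 0.0.0.0      209.233.126.65
"""

NO_RECORD = "0.0.0.0"  # sentinel used in the post for "omit from this view"


@dataclass(frozen=True)
class Entry:
    name: str
    inside: str
    outside: str
    comment: str


def parse_combined(text):
    """Parse the combined table into Entry objects, rejecting malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line, _, comment = raw.partition("#")
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        name, inside, outside = fields
        for addr in (inside, outside):
            ipaddress.IPv4Address(addr)  # raises ValueError on a malformed address
        entries.append(Entry(name, inside, outside, comment.strip()))
    return entries


def render_view(entries, view):
    """Render one view ("inside" or "outside") as A records, skipping 0.0.0.0 entries."""
    if view not in ("inside", "outside"):
        raise ValueError(f"unknown view {view!r}")
    lines = []
    for e in entries:
        addr = e.inside if view == "inside" else e.outside
        if addr == NO_RECORD:
            continue
        line = f"{e.name:<6} IN A {addr}"
        if e.comment:
            line += f" ; {e.comment}"  # ';' is the zone-file comment character
        lines.append(line)
    return "\n".join(lines) + "\n"


def leaked_private(entries):
    """Names whose outside view would publish an RFC 1918 (private) address.

    A non-empty result means the outside zone file would disclose internal
    addressing; refuse to publish until the table is corrected.
    """
    return [
        e.name
        for e in entries
        if e.outside != NO_RECORD and ipaddress.IPv4Address(e.outside).is_private
    ]


def split_zones(text):
    """Produce both views from the combined text; refuse if the outside view leaks."""
    entries = parse_combined(text)
    leaks = leaked_private(entries)
    if leaks:
        raise ValueError(f"private addresses in outside view: {', '.join(leaks)}")
    return {"inside": render_view(entries, "inside"),
            "outside": render_view(entries, "outside")}


if __name__ == "__main__":
    for view, body in split_zones(COMBINED_ZONE).items():
        print(f"zone file for {view} DNS servers:")
        print(body)
```

The leak check is the part worth keeping even if everything else is replaced: a split-horizon setup only hides internal topology if nothing internal is ever written into the externally served file, and a typo in the outside column is exactly how that happens.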