[Blink] outbound proxy not used
klaus.mailinglists at pernau.at
Thu Sep 30 11:47:40 CEST 2010
Am 29.09.2010 19:23, schrieb Adrian Georgescu:
> Well, it turn out that in the real world many DNS resolvers built in
> routers are unable to lookup DNS NAPTR and SRV records. Because of
> this reason, we built the DNS resolver within Blink itself. What you
> say is not really the way DNS is properly managed in an enterprise.
> DNS must always be properly delegated and the delegated name servers
> must always respond correctly, if is privacy issue with which
> hostnames are looked-up, you can always set different views of DNS
> responses for queries coming from the Internet or the private LANs
> but the DNS must be properly delegated and the name servers
> responsible for that domain must provide the correct answers.
Who defines what is properly? Is there an RFC stating that private
records must be on public name servers, protected by views? I doubt.
I think split-DNS setups are rather common in enterprises and from
following the blink mailing list I get the impression that there is no
universal solution to DNS problems (NAPTR/SRV issues vs.
IMO Juha made a good point when asking to have the resolver behavior
configurable (use system resolver or internal resolver).
> On Sep 29, 2010, at 7:14 PM, Juha Heinanen wrote:
>> Adrian Georgescu writes:
>>> Blink does not use your local resolver, it has his own built-in
>>> DNS resolver to solve problems related to broken DNS resolvers
>>> that are unable to resolve SRV and NAPTR records.
>> so it requires that all names are on public name servers reachable
>> via root dns servers? if so, looks like a limitation in
>> enterprise environment. perhaps it would be a good idea to be able
>> to turn off the built-in resolver.
>> -- juha _______________________________________________ Blink
>> mailing list Blink at lists.ag-projects.com
> _______________________________________________ Blink mailing list
> Blink at lists.ag-projects.com
More information about the Blink