[Blink] outbound proxy not used

Adrian Georgescu ag at ag-projects.com
Thu Sep 30 12:02:41 CEST 2010 

Hi Klaus,

How would the end-users understand the difference between such two options? You and Juha certainly understand it but the rest of the casual users? 

Adrian

On Sep 30, 2010, at 11:47 AM, Klaus Darilion wrote:

> 
> 
> Am 29.09.2010 19:23, schrieb Adrian Georgescu:
>> Well, it turn out that in the real world many DNS resolvers built in
>> routers are unable to lookup DNS NAPTR and SRV records. Because of
>> this reason, we built the DNS resolver within Blink itself.  What you
>> say is not really the way DNS is properly managed in an enterprise.
>> DNS must always be properly delegated and the delegated name servers
>> must always respond correctly, if is privacy issue with which
>> hostnames are looked-up, you can always set different views of DNS
>> responses for queries coming from the Internet or the private LANs
>> but the DNS must be properly delegated and the name servers
>> responsible for that domain must provide the correct answers.
> 
> Who defines what is properly? Is there an RFC stating that private records must be on public name servers, protected by views? I doubt.
> I think split-DNS setups are rather common in enterprises and from following the blink mailing list I get the impression that there is no universal solution to DNS problems (NAPTR/SRV issues vs. special-DNS-setups).
> 
> IMO Juha made a good point when asking to have the resolver behavior configurable (use system resolver or internal resolver).
> 
> regards
> Klaus
> 
> 
>> 
>> Adrian
>> 
>> On Sep 29, 2010, at 7:14 PM, Juha Heinanen wrote:
>> 
>>> Adrian Georgescu writes:
>>> 
>>>> Blink does not use your local resolver, it has his own built-in
>>>> DNS resolver to solve problems related to broken DNS resolvers
>>>> that are unable to resolve SRV and NAPTR records.
>>> 
>>> so it requires that all names are on public name servers reachable
>>> via root dns servers?  if so, looks like a limitation in
>>> enterprise environment. perhaps it would be a good idea to be able
>>> to turn off the built-in resolver.
>>> 
>>> -- juha _______________________________________________ Blink
>>> mailing list Blink at lists.ag-projects.com
>>> http://lists.ag-projects.com/mailman/listinfo/blink
>>> 
>> 
>> _______________________________________________ Blink mailing list
>> Blink at lists.ag-projects.com
>> http://lists.ag-projects.com/mailman/listinfo/blink
>

More information about the Blink mailing list