[Blink] outbound proxy not used
Dan Pascu
dan at ag-projects.com
Thu Sep 30 16:34:11 CEST 2010
On 30 Sep 2010, at 12:47, Klaus Darilion wrote:
> Who defines what is properly?
Properly means that a nameserver that is declared authoritative for a
domain should contain the records for that domain, not expect another
nameserver that is not authoritative to contain them. Proper also
means that a nameserver that you declare in resolv.conf and is not
authoritative for a domain should be just a caching nameserver which
should take the records from the authoritative nameserver not inject
records of its own overriding an authoritative nameserver.
> Is there an RFC stating that private records must be on public name
> servers, protected by views? I doubt it.
No, but it is common sense that an authoritative nameserver should
contain the records for which it is authoritative. Blink doesn't care
that you keep your records on a private DNS, all it cares is that the
authoritative nameserver for your domain (be that private if you must)
replies to the queries.
> I think split-DNS setups are rather common in enterprises and from
> following the blink mailing list I get the impression that there is
> no universal solution to DNS problems (NAPTR/SRV issues vs. special-
> DNS-setups).
That's just fine. But what prevents one from provisioning your records
in their split DNS once they pointed towards their private nameserver
as being authoritative?
>
> IMO Juha made a good point when asking to have the resolver behavior
> configurable (use system resolver or internal resolver).
I disagree. I find this to be just a hack to allow one to get away
without properly configured nameservers. An authoritative nameserver
should reply with the records when asked, not expect some other
nameserver in some resolv.conf to contain the records that the
authoritative nameserver is responsible for.
--
Dan