[Blink] outbound proxy not used

Dan Pascu dan at ag-projects.com
Thu Sep 30 16:34:11 CEST 2010


On 30 Sep 2010, at 12:47, Klaus Darilion wrote:

> Who defines what is properly?

Properly means that a nameserver that is declared authoritative for a  
domain should contain the records for that domain, not expect another  
nameserver that is not authoritative to contain them. Proper also  
means that a nameserver that you declare in resolv.conf and is not  
authoritative for a domain should be just a caching nameserver which  
should take the records from the authoritative nameserver not inject  
records of its own overriding an authoritative nameserver.

> Is there an RFC stating that private records must be on public name  
> servers, protected by views? I doubt.

No, but is common sense that an authoritative nameserver should  
contain the records for which is authoritative. Blink doesn't care  
that you keep your records on a private DNS, all it cares is that the  
authoritative nameserver for your domain (be that private if you must)  
replies to the queries.

> I think split-DNS setups are rather common in enterprises and from  
> following the blink mailing list I get the impression that there is  
> no universal solution to DNS problems (NAPTR/SRV issues vs. special- 
> DNS-setups).

That's just fine. But what prevents one from provisioning your records  
in their split DNS once they pointed towards their private nameserver  
as being authoritative.

>
> IMO Juha made a good point when asking to have the resolver behavior  
> configurable (use system resolver or internal resolver).

I disagree. I find this to be just a hack to allow one to get away  
without properly configured nameservers. An authoritative nameserver  
should reply with the records when asked, not expect some other  
nameserver in some resolv.conf to contain the records that the  
authoritative nameserver is responsible for.

--
Dan









More information about the Blink mailing list