Split-horizon DNS

Split-horizon DNS

In computer networking, split-horizon DNS (djbdns terminology), split-view DNS (BIND terminology), or split-brain DNS (Microsoft terminology) is the facility in domain name service servers that provide access to different sets of DNS information to network clients, selected by, usually, the source address of the DNS request.

This facility can provide a mechanism for security and privacy management by logical or physical separation of DNS information for network-internal access (within an administrative domain, e.g., company) and access from an insecure, public network (e.g. the Internet).

Implementation of split-horizon DNS can be accomplished with hardware-based separation or by software solutions. Hardware-based implementations run distinct DNS server devices for the desired access granularity within the networks involved. Software solutions use either multiple DNS server processes on the same hardware or special server software with the built-in capability of discriminating access to DNS zone records. The latter is a common feature of many server software implementations of the DNS protocol (cf. Comparison of DNS server software) and is sometimes the implied meaning of the term "split-horizon DNS", since all other forms of implementation can be achieved with any DNS server software.

plit-Horizon and DNSSEC

Split-horizon DNS can give different authoritative answers to the same query, but DNSSEC allows DNS clients to safely accept answers from any source. This gives the potential for conflicting answers to cause confusion or security problems. The [http://tools.ietf.org/html/draft-krishnaswamy-dnsop-dnssec-split-view draft-krishnaswamy-dnsop-dnssec-split-view] internet draft gives an explanation of how to deal with combining these two DNS features.

ee also

* Comparison of DNS server software
* Split horizon networking - a similar concept for network routing


Wikimedia Foundation. 2010.

Игры ⚽ Нужен реферат?

Look at other dictionaries:

  • split-horizon — ● ►en loc. adj. ►INTERNET Mode de fonctionnement d un réseau local, dont les adresses seront différentes selon qu on interroge son DNS depuis l extérieur ou l intérieur. Classiquement, on réalise cela avec du NAT …   Dictionnaire d'informatique francophone

  • Comparison of DNS server software — Contents 1 Servers compared 1.1 BIND 1.2 Microsoft DNS 1.3 Dn …   Wikipedia

  • Domain Name System Security Extensions — Internet protocol suite Application layer BGP DHCP DNS FTP HTTP …   Wikipedia

  • DNSSEC — The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS …   Wikipedia

  • Domain Name System — The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the… …   Wikipedia

  • MysqlBind — mysqlBind/unxsBind is a DNS management software system. It supports ISC BIND DNS and is distributed as open source software under the GNU General Public License. mysqlBind/unxsBind has been in use since the late 1990s. It initially was designed… …   Wikipedia

  • Routing Information Protocol — Internet protocol suite Application layer BGP DHCP DNS FTP HTTP …   Wikipedia

  • Computers and Information Systems — ▪ 2009 Introduction Smartphone: The New Computer.       The market for the smartphone in reality a handheld computer for Web browsing, e mail, music, and video that was integrated with a cellular telephone continued to grow in 2008. According to… …   Universalium

  • NTL Incorporated — This article discusses the cable provider NTL Incorporated. For other uses of NTL see NTL (disambiguation) NTL Incorporated Industry Cable Communications Founded 1992 …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”