Hacker News

What condition do you use to determine split horizon? Client IP?



Right, for internal networks, we use source IP (well, network, but same diff).

For instance, we might have diff. source networks based on their department or building or whatever. We can then give them DNS information based on where they are coming from. It's not foolproof obviously, even if we control the internal network, it doesn't mean a bad actor isn't around wreaking havoc, so it's defence in depth, not the sole line of defence.

But it allows us to control DNS from 1 spot, and give this group of servers names for themselves, and that group of servers and this group of clients access to this group of servers, etc.


I suppose this is something you could do if you are in a local network and configuring all clients to use the DNS directly. In any other scenario, this will fail.
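An added example, not written by any commenter in this thread: a sketch of view selection keyed on the query's source network, including the case raised in the last comment where the query arrives from a resolver outside the known networks. All networks, view names and hostnames are constructed for illustration.

```python
import ipaddress

# Constructed view table (hypothetical networks and records, not from the thread).
VIEWS = [
    ("engineering", ipaddress.ip_network("10.20.0.0/16"),
     {"build.corp.example": "10.20.1.10", "wiki.corp.example": "10.1.0.5"}),
    ("finance", ipaddress.ip_network("10.30.0.0/16"),
     {"ledger.corp.example": "10.30.1.10", "wiki.corp.example": "10.1.0.5"}),
    ("internal", ipaddress.ip_network("10.0.0.0/8"),
     {"wiki.corp.example": "10.1.0.5"}),
]
# Anything that matches no internal network only sees public records.
DEFAULT_VIEW = ("external", {"www.corp.example": "203.0.113.10"})


def select_view(source_ip):
    """Return (view_name, zone) for the most specific network containing source_ip."""
    addr = ipaddress.ip_address(source_ip)
    matches = [(net.prefixlen, name, zone)
               for name, net, zone in VIEWS if addr in net]
    if not matches:
        return DEFAULT_VIEW
    # Longest prefix wins, so a department /16 beats the catch-all /8.
    _, name, zone = max(matches, key=lambda m: m[0])
    return name, zone


def resolve(source_ip, qname):
    """Answer qname from the view chosen by source address; None means no record."""
    name, zone = select_view(source_ip)
    return name, zone.get(qname)


if __name__ == "__main__":
    queries = [
        ("10.20.4.7", "build.corp.example"),      # engineering client, direct query
        ("10.30.9.2", "build.corp.example"),      # finance client: name not in its view
        ("10.99.0.1", "wiki.corp.example"),       # other internal host: catch-all view
        ("198.51.100.53", "build.corp.example"),  # query relayed by an outside resolver
    ]
    for src, qname in queries:
        print(src, qname, resolve(src, qname))
```

The server only ever sees the address that sent the packet, so a client behind a forwarder or NAT is classified by that intermediary's address rather than its own.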



