[106698] in North American Network Operators' Group


FW: maybe a dumb idea on how to fix the dns problems i don't know....

daemon@ATHENA.MIT.EDU (Tomas L. Byrnes)
Sun Aug 10 15:38:32 2008

Date: Sun, 10 Aug 2008 12:37:27 -0700
From: "Tomas L. Byrnes" <tomb@byrneit.net>
To: <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org

-----Original Message-----
From: Tomas L. Byrnes
Sent: Saturday, August 09, 2008 9:01 PM
To: 'Chris Paul'
Subject: RE: maybe a dumb idea on how to fix the dns problems i don't
know....

Actually, the RFCs (RFC-1034 3.7; RFC-1035 4.2, ref RFC-793;
Implementation spec in RFC-1035 4.2.2; RFC-2136 2.1 says TCP is "at the
discretion of the requestor") say TCP "Should" be supported. It's
optional, but recommended.

The source of the guidance to block TCP is misguided "security" folks
who confuse self-denial of service with policy enforcement.

When security breaks functionality, it usually fails to secure, as users
circumvent it, in my not so humble experience.

BTW: In RFC 1034 5.3.1 PVM tipped to some of the issues that we are now
dealing with, under the title of "Stub Resolvers".



> -----Original Message-----
> From: Chris Paul [mailto:chris.paul@rexconsulting.net]
> Sent: Saturday, August 09, 2008 3:49 PM
> Cc: nanog@merit.edu
> Subject: Re: maybe a dumb idea on how to fix the dns problems i don't
> know....
>
>
> Paul Vixie wrote:
> > because TCP is considered optional by many authority DNS server
> > operators.
> >
> Hey authority DNS server operators. Can you make a change to your
> servers to always allow TCP client connections? Would this be
> difficult?
> What would be the harm?
> > it's only required if you expect AXFR or if you ever emit a TC bit.
> > if you don't want to do TCP then you can rule out the TC bit and AXFR
> > and just not do TCP, and you'll be dead-to-rights within the various
> > DNS protocol RFCs.
> >
> what RFCs forbid TCP for clients? I thought TCP was an option for
> clients. I'm not spending the rest of my sunday though reading
> rfcs....... and sure as hell not joining another list because to tell
> you the truth, I don't really care as much about the typical angry
> Sunday list poster (talk about redundant statement....)
>
> thanks for the thoughts, though Paul. I'll leave the rest of this
> discussion (should it exist) to others in their forum of choice....
> I'm thinking of nice insalade caprese with true mozzarella di bufalo
> right now.... now That's A Sunday!"
>
> CP
>
> --
> Chris Paul
> Rex Consulting, Inc
> 157 Rainbow Drive #5703, Livingston, TX 77399-1057
> email: chris.paul@rexconsulting.net
> web: http://www.rexconsulting.net
> phone, direct: +1, 831.706.4211
> phone, toll-free: +1, 888.403.8996
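
The retry behaviour discussed in this thread, as an added example that is not part of the original messages: a client that receives a UDP reply with the TC bit set retries over TCP using the two-byte length framing of RFC 1035 4.2.2, and ends up with no answer when TCP is blocked on the server side. The transport callables `udp_send` and `tcp_send`, the helper names, and the sample messages are assumptions constructed for illustration.

```python
import struct

TC_BIT = 0x0200  # TC flag within the 16-bit header flags word (RFC 1035 4.1.1)

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def with_flags(message, flags):
    """Copy of message with its flags word replaced (builds constructed replies)."""
    return message[:2] + struct.pack("!H", flags) + message[4:]

def is_truncated(message):
    """True when the reply header has TC set, i.e. the UDP answer was cut short."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    return bool(struct.unpack("!H", message[2:4])[0] & TC_BIT)

def frame_for_tcp(message):
    """RFC 1035 4.2.2: each message sent over TCP carries a two-byte length prefix."""
    if len(message) > 0xFFFF:
        raise ValueError("message too long for TCP framing")
    return struct.pack("!H", len(message)) + message

def unframe_tcp(stream):
    """Split received bytes into complete messages plus any partial remainder."""
    messages = []
    while len(stream) >= 2:
        (length,) = struct.unpack("!H", stream[:2])
        if len(stream) < 2 + length:
            break  # partial message: more bytes still to come
        messages.append(stream[2:2 + length])
        stream = stream[2 + length:]
    return messages, stream

def resolve(query, udp_send, tcp_send):
    """UDP first; on TC retry over TCP. tcp_send (hypothetical) returns None if TCP is blocked."""
    reply = udp_send(query)
    if not is_truncated(reply):
        return "udp", reply
    stream = tcp_send(frame_for_tcp(query))
    messages = unframe_tcp(stream)[0] if stream else []
    return ("tcp", messages[0]) if messages else ("failed", None)
```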

