[120085] in North American Network Operators' Group
Re: Breaking the internet (hotels, guestnet style) - path asumption
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Wed Dec 9 12:14:14 2009
Date: Wed, 9 Dec 2009 17:11:53 +0000
From: bmanning@vacation.karoshi.com
To: Owen DeLong <owen@delong.com>
In-Reply-To: <38C765FC-EB06-4972-BB74-EBD91AD6A267@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Dec 09, 2009 at 06:30:45AM -0800, Owen DeLong wrote:
>
> On Dec 9, 2009, at 1:26 AM, Jens Link wrote:
>
> > Owen DeLong <owen@delong.com> writes:
> >
> >> I expect my connections to my mail server to actually reach my mail
> >> server. I use TLS and SMTP AUTH as well as IMAP/SSL. Many of the "just
> >> works" settings in question break these things badly.
> >
> > One of my customers has an appliance for his WLAN guest access access
> > which filters out AAAA records. :-(
> >
> > jens@bowmore:~$ dig AAAA www.quux.de @8.8.8.8 +short
> > jens@bowmore:~$
> >
> Wow... Yeah, that would definitely result in a lengthy conversation between
> their tech. support department and me.
>
> The ones that are even worse, though, are the ones that pass through AAAA
> and do RA/SLAAC advertisements, but, don't provide IPv6 connectivity.
>
> Owen
>
why do you presume the DNS service is in the same path as the
TLS/SSL?
a loose reading of these posts might give the gullible the impression
that the IP datagrams between the source and the target pass through
the DNS server... which we -KNOW- is false.
--bill
