[63137] in North American Network Operators' Group
Re: ISPs blocking port 53? (was Re: Annoying dynamic DNS updates)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Sun Sep 28 18:47:19 2003
From: Paul Vixie <paul@vix.com>
To: nanog@merit.edu
In-Reply-To: Message from Sean Donelan <sean@donelan.com>
of "Sun, 28 Sep 2003 17:31:44 -0400."
<Pine.GSO.4.44.0309281628450.29490-100000@clifden.donelan.com>
Date: Sun, 28 Sep 2003 22:46:36 +0000
Errors-To: owner-nanog-outgoing@merit.edu

> How should an ISP tell the difference between "good" DNS packets and "bad"
> DNS packets?

the bad ones are the ones people complain about.

> You aren't complaining about your dynamic update packets or even all
> dynamic updates. You are complaining about someone sending you packets
> you don't want. And more precisely, you are complaining that Comcast is
> failing to send you other packets you want to receive, i.e. a response to
> your e-mail packets.

yup. where "packets i do not want" could as easily be ddos ("zwil") or spam.

> I've been thinking how to use ICMP to signal different types of
> responses; and even how "smart" edges on both ends of a communication
> could establish and enforce policies. Most of these are non-malicious
> communications involving misconfigured systems. Edge communications
> avoids problems with the host system, but has problems with multi-path
> communications and source validation.

the whole end-to-end argument depends on uniform clue distribution for scale.