[80191] in North American Network Operators' Group

Re: using TCP53 for DNS

daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Wed Apr 27 03:28:42 2005

Date: Wed, 27 Apr 2005 09:24:34 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: "Christopher L. Morrow" <christopher.morrow@mci.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
	"Patrick W. Gilmore" <patrick@ianai.net>, nanog@merit.edu
In-Reply-To: <Pine.GSO.4.58.0504261855040.6246@sharpie.argfrp.us.uu.net>
Errors-To: owner-nanog@merit.edu


On Tue, Apr 26, 2005 at 07:01:47PM +0000,
 Christopher L. Morrow <christopher.morrow@mci.com> wrote 
 a message of 29 lines which said:

> Even after I imagine that folks left the filters in place either
> 'because' or 'I don't run router acls' or 'laziness'....

[Warning, operational content.]

Remember that most "firewalls" or other "middleboxes" on the Internet
are completely unmanaged. They were configured once and for all. (See
the problems with former bogons or with 192.0.0.0/8.)

The architecture of the Internet was designed for a network where all
the routers were heavily managed and by knowledgeable people. Now, the
switch to a network of mostly unmanaged boxes is a big challenge.

