As we are talking about ECN and the funny handling of the IP suite by some
admins and vendors, here is another one for your reference. I had this problem
4 years ago, when my default MTU was 576 on my slow unreliable link... Found
out that about 5% (pifomatics) of hosts out there were broken. For instance, you
can solve it by enabling "Black Hole router discovery" on MS servers.

RFC1812 is good, but, say, a little bit too complicated for the standard
administrator. There should be a document explaining how a firewall should
behave for the most common protocols.

I used to block port TCP:53 (domain) because I thought it was only required
for domain transfer (master to slave). But I have learnt recently that DNS
may fall back to TCP when the data is too big for UDP. How many DNS out
there are blocking TCP:53? My guess: a lot!

An RFC for firewall behavior would be nice, wouldn't it? Protocol by
Network and Database Development Officer
SOPAC South Pacific Applied Geoscience Commission
E-mail: franck(_at_)sopac(_dot_)org
Web site: http://www.sopac.org/
Support FMaps: http://fmaps.sourceforge.net/
This e-mail is intended for its addressees only. Do not forward this e-mail
without approval. The views expressed in this e-mail may not necessarily be
the views of SOPAC.
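
The TCP fallback mentioned in the message above, sketched as an added example that is not part of the original e-mail: a resolver sees the TC (truncated) bit in a UDP reply and must resend the same query over TCP:53 with a length prefix, which is the step a filter blocking TCP:53 breaks. The function names and the sample query and reply are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000  # message is a response
TC_FLAG = 0x0200  # answer was truncated to fit the UDP payload (RFC 1035, 4.1.1)
RD_FLAG = 0x0100  # recursion desired


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query for `name` (qtype 1 = A, class IN)."""
    header = struct.pack("!HHHHHH", txid, RD_FLAG, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "response": bool(flags & QR_FLAG),
            "truncated": bool(flags & TC_FLAG), "answers": an}


def needs_tcp_retry(query, udp_reply):
    """True when the UDP reply matches the query and has TC set."""
    q, r = parse_header(query), parse_header(udp_reply)
    return r["response"] and r["id"] == q["id"] and r["truncated"]


def frame_for_tcp(query):
    """DNS over TCP prefixes each message with a 2-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(query)) + query


# Constructed sample: a reply to our query with QR, TC and RD set and no answers,
# which is what a server sends when the full answer does not fit in UDP.
QUERY = build_query("example.com")
TRUNCATED_REPLY = struct.pack("!HHHHHH", 0x1234, QR_FLAG | TC_FLAG | RD_FLAG,
                              1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    if needs_tcp_retry(QUERY, TRUNCATED_REPLY):
        # This is the message a filter dropping TCP:53 would never let through.
        print("retry over TCP:", frame_for_tcp(QUERY).hex())
```
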
From: Einar Stefferud [mailto:stef(_at_)nma(_dot_)com]
Sent: Wednesday, 26 June 2002 12:59
To: Lloyd Wood
Cc: Keith Moore; Mike Burns; ietf
Subject: Re: Global PKI on DNS?
That is not trust that you see withering away.
It is called value;-)...\Stef
At 11:05 PM +0100 6/25/02, Lloyd Wood wrote:
On Tue, 25 Jun 2002, Keith Moore wrote:
> I don't think the dollar analogy is very useful. The kind of trust
> we place in money is a very specific kind of trust, and the risk
> we take in trusting money is generally limited to the denomination
> of the note or coin.
Inflation shows how much nobody trusts money. It's a trust that
withers away over time.