ietf-mxcomp

Re: suggested new RRtype experiment

2004-05-20 17:21:47



On 5/20/2004 7:10 PM, Bob Atkinson wrote:

> Not at all.
>
> I'm saying that writing a custom DNS client won't work in many customer
> installations.

What kind of scenarios? I'm going to ass-u-me that the only model which
meets the kind of requirements you seem to be describing would be users
who are permanently connected but don't have a local DNS server and don't
use any other computing platforms. If they were dialup there wouldn't be a
[non-local] firewall problem. If they had a local server, it would issue
the queries on behalf of the local users and thus speak whatever magic
necessary to get past the sentry. If they have other platforms then
they've disabled the nonsense already. That leaves LAN-connected with no
local server and no other platforms. Many customers? Dunno, but measurable
probably okay.

At this point I have to ask if your resolver is exclusively licensed by
the firewall as the only application that is authorized to issue DNS
lookups. Is it not possible for other applications to speak the magic
needed for the ports to be opened and closed on-demand?

What do load-balancer clients do when they need to use a different
resolver for higher granularity? Disable the firewall?

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/