ietf-mxcomp

RE: suggested new RRtype experiment

2004-05-20 17:28:54

The installations are the ones where the host in question is behind a
firewall and cannot itself send to the Internet UDP packets destined for
port 53.

Curiously, FWIW, the internal Microsoft corporate network is one such
installation.

On 5/20/2004 7:10 PM, Bob Atkinson wrote:

Not at all.

I'm saying that writing a custom DNS client won't work in many customer installations.

What kind of scenarios? I'm going to ass-u-me that the only model which meets the kind of requirements you seem to be describing would be users who are permanently connected but don't have a local DNS server and don't use any other computing platforms. If they were dialup there wouldn't be a [non-local] firewall problem. If they had a local server, it would issue the queries on behalf of the local users and thus speak whatever magic necessary to get past the sentry. If they have other platforms then they've disabled the nonsense already. That leaves LAN-connected with no local server and no other platforms. Many customers? Dunno, but measurable probably okay.

At this point I have to ask if your resolver is exclusively licensed by the firewall as the only application that is authorized to issue DNS lookups. Is it not possible for other applications to speak the magic needed for the ports to be opened and closed on-demand?

What do load-balancer clients do when they need to use a different resolver for higher granularity? Disable the firewall?

--
Eric A. Hall
http://www.ehsco.com/
Internet Core Protocols
http://www.oreilly.com/catalog/coreprot/
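The point at issue in the thread is that a host behind an egress firewall cannot send UDP/53 to the Internet itself, so a "custom DNS client" that talks straight to authoritative servers fails there, while a local recursive resolver that "issues the queries on behalf of the local users" still gets through. The following is an added example, not code from either correspondent or from the RRtype experiment they discuss: a minimal wire-format client that asks for an arbitrary (experimental) RRtype but sends the query to the locally configured recursive resolver rather than to the zone's authoritative server, and treats the RDATA as opaque bytes in the RFC 3597 manner, which is all a resolver that does not know the type has to do to pass it along. Assumptions, all labelled in the code: the experimental type is represented by the numeric code 65280 (a private-use type number standing in for whatever the experiment would register), the resolver address is read from /etc/resolv.conf with 127.0.0.1 as a fallback, and the sample reply is constructed inline rather than captured.

```python
import random
import socket
import struct

# Assumption: the experiment's RRtype is identified only by a numeric code;
# 65280 (0xFF00) is the first private-use type number and stands in for it.
RR_TYPE = 65280
CLASS_IN = 1


def encode_name(name):
    """Encode a dotted name in DNS label format (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, rr_type=RR_TYPE, txid=None):
    """Build a recursion-desired query; returns (wire bytes, transaction id)."""
    if txid is None:
        txid = random.randrange(0, 65536)  # unpredictable ID limits blind spoofing
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    question = encode_name(name) + struct.pack("!HH", rr_type, CLASS_IN)
    return header + question, txid


def decode_name(msg, off):
    """Decode a possibly-compressed name; returns (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2  # the name ends after the first pointer
            hops += 1
            if hops > 64 or ptr >= off:  # pointers must go backwards; no loops
                raise ValueError("bad compression pointer")
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg, expected_id, rr_type=RR_TYPE):
    """Check the header, skip the question, collect RDATA of the wanted type
    as opaque bytes (RFC 3597 treatment). Returns (rcode, [(name, ttl, rdata)])."""
    if len(msg) < 12:
        raise ValueError("short message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch (stray or spoofed reply)")
    if not flags & 0x8000:
        raise ValueError("not a response")
    if flags & 0x0200:
        raise ValueError("truncated: retry this query over TCP")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4  # QTYPE + QCLASS
    answers = []
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        typ, cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if typ == rr_type and cls == CLASS_IN:
            answers.append((name, ttl, rdata))
    return rcode, answers


def system_resolver(path="/etc/resolv.conf"):
    """First 'nameserver' entry: the resolver the firewall already lets out."""
    try:
        with open(path) as fh:
            for line in fh:
                parts = line.split()
                if len(parts) >= 2 and parts[0] == "nameserver":
                    return parts[1]
    except OSError:
        pass
    return "127.0.0.1"  # assumption: a local caching resolver when none is configured


def lookup(name, server=None, timeout=3.0):
    """Send the query over UDP to the configured recursive resolver, not to the
    authoritative server, so it takes the one path egress filtering allows."""
    server = server or system_resolver()
    query, txid = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return parse_response(data, txid)


def sample_response(txid):
    """Constructed reply (not captured traffic): one RR of the experimental type."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1 RD=1 RA=1
    question = encode_name("example.com") + struct.pack("!HH", RR_TYPE, CLASS_IN)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", RR_TYPE, CLASS_IN, 300, 5) + b"hello"
    return header + question + answer


if __name__ == "__main__":
    print(parse_response(sample_response(0x1234), 0x1234))
    # lookup("example.com")  # live query through the system resolver
```

Run as a script it parses the constructed reply; `lookup()` does the live exchange. The check that matters for Hall's "local server speaks the magic" case is that nothing here depends on reaching port 53 anywhere but the configured resolver, and that resolver needs no knowledge of the type code to forward the question and return the answer. Two caveats a deployment would still have to handle: a reply with TC set must be retried over TCP (the parser refuses it rather than silently using a partial answer), and a stub resolver library on the host may only expose A/AAAA/MX-style lookups, which is why the query is built on the wire directly.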