Dns is essential already.
Firewalls can cope
-----Original Message-----
From: Joe Touch [mailto:touch(_at_)isi(_dot_)edu]
Sent: Sun Mar 19 21:02:42 2006
To: iana(_at_)iana(_dot_)org; ietf(_at_)ietf(_dot_)org;
netconf(_at_)ops(_dot_)ietf(_dot_)org
Subject: Re: Guidance needed on well known ports
Hallam-Baker, Phillip wrote:
From: Joe Touch [mailto:touch(_at_)ISI(_dot_)EDU]
And with what port would I reach this magical DNS that would
provide the SRV record for the DNS itself?
You use fixed ports for the bootstrap process and only for the bootstrap
process.
Which means that the DNS port needs to be well-known or fixed in advance.
Some other issues to be considered:
- this change would make the DNS required for proper Internet
operation, whereas it is currently optional (i.e., only for
finding the IP address).]
- hosts may run services but not have control over their own
DNS entry (or SRV records)
- firewalling based on ports would no longer be useful
(one could argue it should not be, but that's a different issue)
Fixed ports do not work behind NAT. Anyone who wants to deploy IPv6
would be well advised to pay careful attention to that restriction.
SRV ports work just fine behind a NAT.
Except that many NATs also intercept DNS requests and
redirect them to their own servers, for their own purposes,
which can interfere with SRV records (by design).
People who do this are rarely trying to break things.
They don't *try* to break things, but then tend to. ;-)
As to 'by design', they're not so much trying to break as to 'help'
(usually for their own purposes).
Joe
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf