ietf
[Top] [All Lists]

Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt

2007-10-03 05:50:25


On Monday, October 01, 2007 10:34:37 AM -0600 Danny McPherson <danny(_at_)tcb(_dot_)net> wrote:

Note that in real deployments just this behavior has broken things
on occasion, as many firewall and other such policy application points
assume things like DNS resolution will only be UDP/53 transactions.

Yeah; I'm getting a little tired of having our protocols redefined based on the incorrect assumptions of people who don't understand them. The DNS sometimes uses TCP, UDP flows can last more than one round trip, and ICMP unreachable messages are an essential part of IP; vendors and operators who assume otherwise should be made to fix their assumptions, instead of everyone else having to cripple their applications and networks to make the assumptions true.

-- Jeff

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf