ISPs blocking port 53? (was Re: Annoying dynamic DNS updates)

Sean Donelan sean at donelan.com
Sun Sep 28 23:12:06 UTC 2003


On Sun, 28 Sep 2003, Paul Vixie wrote:
> > I've been thinking how to use ICMP to signal different types of
> > responses; and even how "smart" edges on both ends of a communication
> > could establish and enforce policies.  Most of these are non-malicious
> > communications involving misconfigured systems.  Edge communications
> > avoids problems with the host system, but has problems with multi-path
> > communications and source validation.
>
> the whole end-to-end argument depends on uniform clue distribution for scale.

The current method of complaining to an ISP doesn't scale very well
either.  As you observed in your previous message, supporting 10,000
or ten million customers has many poor scaling properties.  Especially
if you have to fix issues on a case-by-case basis.

Getting vendors to supply more appropriate defaults offers better
scaling possibilities.  Your complaint might fix one user's computer;
Microsoft updating the default behavior would fix tens of millions
of users' computers.  Which scales better?

If software didn't do dumb things by default, we wouldn't have to fix the
software one customer at a time.  If BIND, ISC DHCP and Windows shipped by
default with "safe" settings, and did a better job of telling the person
who can fix the problem that there is a problem, would there be fewer
problems?

How can a Windows system have a fatal error every hour for days and
months, and the user not be aware of it until someone else calls them?

If Dynamic DNS Update is so critical that Microsoft feels the need to
enable it by default, why doesn't Microsoft pop an error dialog window
on the user's machine every time it fails?  Then the user could decide
to fix the problem, or stop doing it.  If the user doesn't know there
is a problem, why should he fix it?



