using TCP53 for DNS

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed Apr 27 07:24:34 UTC 2005


On Tue, Apr 26, 2005 at 07:01:47PM +0000,
 Christopher L. Morrow <christopher.morrow at mci.com> wrote 
 a message of 29 lines which said:

> Even after I imagine that folks left the filters in place either
> 'because' or 'I don't run router acls' or 'laziness'....

[Warning, operational content.]

Remember that most "firewalls" or other "middleboxes" on the Internet
are completely unmanaged. They were configured once and for all. (See
the problems with former bogons or with 192.0.0.0/8.)

The architecture of the Internet was designed for a network where all
the routers were heavily managed and by knowledgeable people. Now, the
switch to a network of mostly unmanaged boxes is a big challenge.



