FW: maybe a dumb idea on how to fix the dns problems i don't know....

Sun Aug 10 19:37:27 UTC 2008

-----Original Message-----
From: Tomas L. Byrnes 
Sent: Saturday, August 09, 2008 9:01 PM
To: 'Chris Paul'
Subject: RE: maybe a dumb idea on how to fix the dns problems i don't
know....

Actually, the RFCs (RFC-1034 3.7RFC-1035 4.2, ref RFC-793;
Implementation spec in RFC-1035 4.2.2; RFC-2136 2.1 says TCP is "at the
discretion of the requestor";)   say TCP "Should" be supported. It's
optional, but recommended.

The source of the guidance to block TCP is misguided "security" folks
who confuse self-denial of service with policy enforcement.

When security breaks functionality, it usually fails to secure, as users
circumvent it, in my not so humble experience.

BTW: In RFC 1034 5.3.1 PVM tipped to some of the issues that we are now
dealing with, under the title of "Stub Resolvers".

> -----Original Message-----
> From: Chris Paul [mailto:chris.paul at rexconsulting.net]
> Sent: Saturday, August 09, 2008 3:49 PM
> Cc: nanog at merit.edu
> Subject: Re: maybe a dumb idea on how to fix the dns problems i don't 
> know....
> 
> 
> Paul Vixie wrote:
> > because TCP is considered optional by many authority DNS
> server operators.
> >   
> Hey authority DNS server operators. Can you make a change to your 
> servers to always allow TCP client connections? Would this be 
> difficult?
> What would be the harm?
> > it's only required if you expect AXFR or if you ever emit a
> TC bit.  
> > if you don't want to do TCP then you can rule out the TC
> bit and AXFR
> > and just not do TCP, and you'll be dead-to-rights within
> the various DNS protocol RFCs.
> >   
> what RFCs forbid TCP for clients? I thought TCP was an option for 
> clients. I'm not spending the rest of my sunday though reading 
> rfcs....... and sure as hell not joining another list because to tell 
> you the truth, I don't really care as much about the typical angry 
> Sunday list poster (talk about redundant statement....)
> 
> thanks for the thoughts, though Paul. I'll leave the rest of this 
> discussion (should it exist) to others in their forum of choice.... 
> I'm thinking of nice insalade caprese with true mozarella di bufalo 
> right now.... now That's A Sunday!"
> 
> CP
> 
> --
> Chris Paul
> Rex Consulting, Inc
> 157 Rainbow Drive #5703, Livingston, TX 77399-1057
> email: chris.paul at rexconsulting.net
> web: http://www.rexconsulting.net
> phone, direct: +1, 831.706.4211
> phone, toll-free: +1, 888.403.8996
> 
> The information transmitted is intended only for the person or entity 
> to which it is addressed and may contain confidential and/or 
> privileged material. Any review, retransmission, dissemination or 
> other use of, or taking of any action in reliance upon, this 
> information by persons or entities other than the intended recipient 
> is prohibited.
> Rex Consulting, Inc. is a California Corporation.
> 
> P Please don't print this e-mail, unless you really need to.
> 
> 
> 
> 