maybe a dumb idea on how to fix the dns problems i don't know....
chris.paul at rexconsulting.net
Sun Aug 10 15:14:46 CDT 2008
Tomas L. Byrnes wrote:
> -----Original Message-----
> From: Tomas L. Byrnes
> Sent: Saturday, August 09, 2008 9:01 PM
> To: 'Chris Paul'
> Subject: RE: maybe a dumb idea on how to fix the dns problems i don't
> Actually, the RFCs (RFC-1034 3.7RFC-1035 4.2, ref RFC-793;
> Implementation spec in RFC-1035 4.2.2; RFC-2136 2.1 says TCP is "at the
> discretion of the requestor";) say TCP "Should" be supported. It's
> optional, but recommended.
> The source of the guidance to block TCP is misguided "security" folks
> who confuse self-denial of service with policy enforcement.
Thanks Tomas for doing the research I wasn't about to do on a a weekend....
Dear North American Network Operators,
See it isn't a dumb idea after all? Y'all get coding, patching and
firewall rule-set changing now! Let's please stop using UDP for DNS
resolution. THAT was the dumb idea really...
(I know; you old folks that created this wonderful thing didn't think of
that back then.... blah blah blah).
And SYN flooding? That happens to port 80 and port 25 too right? Most
web and mail servers listen to the WORLD, whereas most DNS servers doing
recursion do so only for the local network where SYN flooding is less of
The experts don't seem to be able to post any rebuttals to my idea in
decent enough English to answer why we should not do this. Perhaps I'm
just too dumb to understand all you zen masters out there with your
desire to use bad grammar, lack of punctuation and capitalization and
the most complicated language to obfuscate solutions....
Oh and, ha ha, even though I'm just the ldap dude, I'll take all the
fame and money (paypal or send to address below) for coming up with the
simple solution to this dns problem. If you really want, my Mom will
send some cookies to the next blackhat. (My Grandma taught her how very
well but she is dead.)
There's really nothing more complicated about this problem than baking
cookies, I don't think, but you have to go through many generations
iteration and experiment ion to get it right. And sometimes the answers
are simple once they are found (hey look what I found out: see what this
bicarbonate of soda does!).
Oh hey yesterday was Saturday! Duh! Bonus for me!!! . Why on earth did I
check my email? I usually don't on weekends at all. I'm sorry......
This change would not even be hard to implement globally, would it? Just
SIMPLE code changes, patches, and firewall changes. (OK maybe the last
part is not so easy but that to me is just lack of competence out there.)
Rex Consulting, Inc
157 Rainbow Drive #5703, Livingston, TX 77399-1057
email: chris.paul at rexconsulting.net
phone, direct: +1, 831.706.4211
phone, toll-free: +1, 888.403.8996
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited.
Rex Consulting, Inc. is a California Corporation.
P Please don't print this e-mail, unless you really need to.
More information about the NANOG