maybe a dumb idea on how to fix the dns problems i don't know....

Chris Paul chris.paul at rexconsulting.net
Sun Aug 10 20:14:46 UTC 2008



Tomas L. Byrnes wrote:
>  
>
> -----Original Message-----
> From: Tomas L. Byrnes 
> Sent: Saturday, August 09, 2008 9:01 PM
> To: 'Chris Paul'
> Subject: RE: maybe a dumb idea on how to fix the dns problems i don't
> know....
>
> Actually, the RFCs (RFC-1034 3.7RFC-1035 4.2, ref RFC-793;
> Implementation spec in RFC-1035 4.2.2; RFC-2136 2.1 says TCP is "at the
> discretion of the requestor";)   say TCP "Should" be supported. It's
> optional, but recommended.
>
> The source of the guidance to block TCP is misguided "security" folks
> who confuse self-denial of service with policy enforcement.
>   
Thanks Tomas for doing the research I wasn't about to do on a a weekend....

Dear North American Network Operators,

See it isn't a dumb idea after all? Y'all get coding, patching and 
firewall rule-set changing now! Let's please stop using UDP for DNS 
resolution. THAT was the dumb idea really...

(I know; you old folks that created this wonderful thing didn't think of 
that back then.... blah blah blah).

And SYN flooding? That happens to port 80 and port 25 too right? Most 
web and mail servers listen to the WORLD, whereas most DNS servers doing 
recursion do so only for the local network where SYN flooding is less of 
a risk

The experts don't seem to be able to post any rebuttals to my idea in 
decent enough English to answer why we should not do this. Perhaps I'm 
just too dumb to understand all you zen masters out there with your 
desire to use bad grammar, lack of punctuation and capitalization and 
the most complicated language to obfuscate solutions....

Oh and, ha ha, even though I'm just the ldap dude, I'll take all the 
fame and money (paypal or send to address below) for coming up with the 
simple solution to this dns problem. If you really want, my Mom will 
send some cookies to the next blackhat. (My Grandma taught her how very 
well but she is dead.)

There's really nothing more complicated about this problem than baking 
cookies, I don't think, but you have to go through many generations 
iteration and experiment ion to get it right. And sometimes the answers 
are simple once they are found (hey look what I found out: see what this 
bicarbonate of soda does!).

Oh hey yesterday was Saturday! Duh! Bonus for me!!! . Why on earth did I 
check my email? I usually don't on weekends at all. I'm sorry......

This change would not even be hard to implement globally, would it? Just 
SIMPLE code changes, patches, and firewall changes. (OK maybe the last 
part is not so easy but that to me is just lack of competence out there.)

Best,

CP
-- 
Chris Paul
Rex Consulting, Inc
157 Rainbow Drive #5703, Livingston, TX 77399-1057
email: chris.paul at rexconsulting.net
web: http://www.rexconsulting.net
phone, direct: +1, 831.706.4211
phone, toll-free: +1, 888.403.8996

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of,
or taking of any action in reliance upon, this information by persons
or entities other than the intended recipient is prohibited.
Rex Consulting, Inc. is a California Corporation.

P Please don't print this e-mail, unless you really need to.






More information about the NANOG mailing list