Re: [BEHAVE] DNS vs port overloading
Mark Andrews <marka@isc.org> Thu, 27 June 2013 14:36 UTC
Return-Path: <marka@isc.org>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4161321F9AD6 for <behave@ietfa.amsl.com>; Thu, 27 Jun 2013 07:36:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.455
X-Spam-Level:
X-Spam-Status: No, score=-2.455 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7af+XVBIE8L1 for <behave@ietfa.amsl.com>; Thu, 27 Jun 2013 07:36:33 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id E393E21F9AFA for <behave@ietf.org>; Thu, 27 Jun 2013 07:36:24 -0700 (PDT)
Received: from mx.pao1.isc.org (localhost [127.0.0.1]) by mx.pao1.isc.org (Postfix) with ESMTP id 5DD26C94E8; Thu, 27 Jun 2013 14:36:17 +0000 (UTC) (envelope-from marka@isc.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=dkim2012; t=1372343784; bh=rw3iM9+3CaQOa1hzT9SglALuXxlz/cQujLyG5Ui705Q=; h=To:Cc:From:References:Subject:In-reply-to:Date; b=egdh+tjG59ViQ2H00+Ay82xFLwFC6MZaXJ8/xWQm+EJ2A0eAdhm7bk2dgWfDeUKBA sobuQWNDesGRE2Lpx9Ib9gs9TAWaVXg2Gns18qabC4n9LfmW9DhspcmuUYpI5I3/oA NYSwvm1A38pg1kHLzxH7IlJGzf7KPCANt129QIwc=
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) by mx.pao1.isc.org (Postfix) with ESMTP; Thu, 27 Jun 2013 14:36:17 +0000 (UTC) (envelope-from marka@isc.org)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 4B1D116004A; Thu, 27 Jun 2013 14:37:34 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id PzD4MmwgBUOV; Thu, 27 Jun 2013 14:37:33 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 31E201600A2; Thu, 27 Jun 2013 14:37:33 +0000 (UTC)
X-Virus-Scanned: amavisd-new at zmx1.isc.org
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id bbWgzkN7irjK; Thu, 27 Jun 2013 14:37:33 +0000 (UTC)
Received: from drugs.dv.isc.org (c211-30-172-21.carlnfd1.nsw.optusnet.com.au [211.30.172.21]) by zmx1.isc.org (Postfix) with ESMTPSA id D6FA816009F; Thu, 27 Jun 2013 14:37:32 +0000 (UTC)
Received: from drugs.dv.isc.org (localhost [IPv6:::1]) by drugs.dv.isc.org (Postfix) with ESMTP id 51ECB365ED5A; Fri, 28 Jun 2013 00:36:12 +1000 (EST)
To: Simon Perreault <simon.perreault@viagenie.ca>
From: Mark Andrews <marka@isc.org>
References: <CB1B483277FEC94E9B58357040EE5D02325A6E93@xmb-rcd-x15.cisco.com> <2f7dce8264c8a9a72640629502a44295@cacaoweb.org> <51C1681A.5030909@viagenie.ca> <f8741fad1af1cee094de9c59408b7425@cacaoweb.org> <51C40374.8080403@viagenie.ca> <21e25b7ae1501228a67656b2fa4bc009@cacaoweb.org> <51CAA20F.4070307@viagenie.ca> <7f35bf30538732e3953bd33bcab7a791@cacaoweb.org> <51CC444C.1030507@viagenie.ca> <20130627141434.3B0BD365EA62@drugs.dv.isc.org> <51CC4A59.8080801@viagenie.ca>
In-reply-to: Your message of "Thu, 27 Jun 2013 16:21:13 +0200." <51CC4A59.8080801@viagenie.ca>
Date: Fri, 28 Jun 2013 00:36:12 +1000
Message-Id: <20130627143612.51ECB365ED5A@drugs.dv.isc.org>
X-DCC--Metrics: post.isc.org; whitelist
Cc: behave@ietf.org, ivan@cacaoweb.org
Subject: Re: [BEHAVE] DNS vs port overloading
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jun 2013 14:36:38 -0000
In message <51CC4A59.8080801@viagenie.ca>, Simon Perreault writes: > Le 2013-06-27 16:14, Mark Andrews a écrit : > >> I have suggested that one condition where port overloading could be used > >> is when the NAT knows that it will not disrupt the application protocol. > >> For example, the protocols running on TCP port 80 and UDP port 53 (HTTP > >> and DNS) are purely client-server and therefore would not be affected by > >> port overloading. Allowing NATs to do port overloading for those ports > >> only would probably solve the scalability problem since they account for > >> a large portion of the traffic. > > > > And overloading DNS could potentially defeat the port randomisation > > done by the server even though nameservers do port overloading > > themselves to send traffic out a large set of ports choosen at > > random and reselected from at random. > > Good point. > > Could that be solved with operational advice? In the case of CGN, we > could advise the ISP could to make sure that its recursive nameserver > sits on the border between the internal and external realm such that no > DNS traffic is handled by the CGN. > > Would that fully address your concern? > > Simon No. Many ISP's have a history of mucking with DNS results when you use their servers. Most ISP's don't muck DNS queries not directed to their servers. For those that do you can usually see that they are mucking with results. You can't just redirect queries at a normal recursive server and think that will provide a "transparent DNS caching server". Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [BEHAVE] (no subject) Senthil Sivakumar (ssenthil)
- Re: [BEHAVE] (no subject) Dan Wing
- [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supposed… ivan c
- Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supp… Simon Perreault
- Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supp… ivan c
- Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supp… Simon Perreault
- Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supp… Senthil Sivakumar (ssenthil)
- Re: [BEHAVE] REQ 1 and REQ 7 of RFC5382 were supp… ivan c
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Senthil Sivakumar (ssenthil)
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Rajiv Asati (rajiva)
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) Dan Wing
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] TCP port overloading, preservation a… ivan c
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] TCP port overloading, preservation a… Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] TCP port overloading, preservation a… ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] TCP port overloading, preservation a… Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) cb.list6
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) Reinaldo Penno (repenno)
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) Mark Andrews
- Re: [BEHAVE] (no subject) ivan c
- [BEHAVE] DNS vs port overloading Simon Perreault
- Re: [BEHAVE] (no subject) ietfdbh
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] DNS vs port overloading Mark Andrews
- Re: [BEHAVE] DNS vs port overloading Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Tom Taylor
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] DNS vs port overloading Mark Andrews
- Re: [BEHAVE] (no subject) ivan c
- Re: [BEHAVE] (no subject) Simon Perreault
- Re: [BEHAVE] DNS vs port overloading Simon Perreault
- [BEHAVE] UDP socket programming Simon Perreault
- Re: [BEHAVE] TCP port overloading, preservation a… ivan c
- Re: [BEHAVE] DNS vs port overloading ivan c