Re: I-D ACTION:draft-ietf-dnsext-forgery-resilience-01.txt
gson@araneus.fi (Andreas Gustafsson) Mon, 13 August 2007 15:07 UTC
Message-ID: <18112.29234.95785.358726@guava.gson.org>
Date: Mon, 13 Aug 2007 18:01:06 +0300
To: bert hubert <bert.hubert@netherlabs.nl>
Cc: namedroppers@ops.ietf.org
Subject: Re: I-D ACTION:draft-ietf-dnsext-forgery-resilience-01.txt
In-Reply-To: <20070813110643.GB24229@outpost.ds9a.nl>
References: <E1IIPpu-0003yG-Ss@stiedprstage1.ietf.org> <46C03070.7020604@isc.org> <20070813110643.GB24229@outpost.ds9a.nl>
X-Mailer: VM 7.19 under Emacs 21.4.1
From: gson@araneus.fi
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-id: DNSEXT discussion <namedroppers.ops.ietf.org>

bert hubert wrote:
> > Implementations MUST use an as large as possible pool of UDP source
> > ports for sending queries
> >
> > Perhaps SHOULD? Because this basically means that implementations have to use
> > 1024 to 65535 doesn't it?
>
> This is basically a knob you can turn. If you turn it to '1 source port',
> you get the current situation as with BIND and Nominum CNS, Windows DNS etc.

That's not what the draft actually says. If you "MUST use an as large
as possible pool of source ports", turning the knob to anything other
than the maximum would violate the MUST.

Let me once again voice my strong objection to this requirement. For
one thing, it means that on any host running a DNS resolver, it would
be impossible to later add any other UDP-based services, because all
the UDP ports would already be taken.

The ability to provide multiple services on a single host is one of
the fundamental properties of the IP protocol suite that make it
useful. Even saying that a single protocol MAY or SHOULD monopolize
all UDP ports would be antisocial towards other protocols; saying that
it MUST do so is just ridiculous.

--
Andreas Gustafsson, gson@araneus.fi

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>