Re: increasing DNS message entropy, a solution for NATs
Antoin Verschuren <antoin.verschuren@sidn.nl> Thu, 31 July 2008 09:27 UTC
Date: Thu, 31 Jul 2008 11:22:03 +0200
From: Antoin Verschuren <antoin.verschuren@sidn.nl>
To: Alex Bligh <alex@alex.org.uk>
cc: namedroppers@ops.ietf.org
Subject: Re: increasing DNS message entropy, a solution for NATs

On Thu, 31 Jul 2008, Alex Bligh wrote:

>> Let's face it, most people that would/will be affected won't upgrade
>> their routers, so that's already a lost cause, anyone that does upgrade
>> their NAT solution should do a better job of it and it's not really a
>> DNS issue.
>
> I am guessing the half-life of ADSL equipment is less than 3 years.

But it can't hurt to educate the vendors so they do it right.
If you're behind a NAT, like I am, and run a DNS server, like I do, and
if you care enough to get it right, like I do, then you replace your cheap
hardware with a proper one anyway.
Let's get lists out of vendors that do it proper/improper so the problem
will go away.

And I must give you this thought:
Being behind a NAT that passes through port randomness unaffected when
there is no other traffic, other activity behind the NAT can even increase
the randomness of the ports as nobody can "guess" the activity I'm going
to do on my internal network.

Antoin.
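
Added example, not part of the message above: one way to check, from observed ports, whether a NAT passes a resolver's source-port randomness through unaffected or rewrites it into something predictable. The function name, thresholds and port samples are constructed for illustration; the external ports are assumed to be logged at a server you control outside the NAT.

```python
import math

def classify_nat_ports(pairs, seq_step=16, min_bits=12.0):
    """Classify NAT handling of DNS query source ports.

    pairs: (internal_port, external_port) per query, in send order.
    Returns (mapping, pattern):
      mapping: 'preserved' if the NAT left every port unchanged, else 'rewritten'
      pattern of the ports seen outside: 'sequential', 'narrow' or 'spread'
    """
    if len(pairs) < 5:
        raise ValueError("need at least 5 observations")
    ext = [e for _, e in pairs]
    mapping = "preserved" if all(i == e for i, e in pairs) else "rewritten"

    # Step between successive external ports, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ext, ext[1:])]
    small = sum(1 for d in deltas if 1 <= d <= seq_step)
    if small >= 0.8 * len(deltas):
        return mapping, "sequential"   # next port is easy to predict

    # Crude upper bound on entropy: log2 of the observed port range.
    bits = math.log2(max(ext) - min(ext) + 1)
    return mapping, ("spread" if bits >= min_bits else "narrow")

# Constructed samples (not captured traffic).
INTERNAL = [51234, 3021, 40110, 17777, 60001, 2345]
PASS_THROUGH = list(zip(INTERNAL, INTERNAL))
SEQUENTIAL = list(zip(INTERNAL, [1024, 1025, 1026, 1027, 1029, 1030]))
RANDOMIZING = list(zip(INTERNAL, [40211, 1893, 55012, 23007, 61999, 12044]))
NARROW_POOL = list(zip(INTERNAL, [30005, 30090, 30012, 30077, 30040, 30001]))
FIXED_PORT = list(zip([53] * 6, [53] * 6))  # resolver with no port randomness

if __name__ == "__main__":
    for name, sample in [("pass-through", PASS_THROUGH),
                         ("sequential", SEQUENTIAL),
                         ("randomizing", RANDOMIZING),
                         ("narrow pool", NARROW_POOL),
                         ("fixed port", FIXED_PORT)]:
        print(name, classify_nat_ports(sample))
```

A 'preserved' mapping only helps when the pattern is also 'spread'; a resolver that always uses one port stays predictable whatever the NAT does.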