Re: [v6ops] new draft: draft-ietf-v6ops-6204bis
Mark Andrews <marka@isc.org> Thu, 20 October 2011 23:39 UTC
Return-Path: <marka@isc.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDE9D1F0C4D for <v6ops@ietfa.amsl.com>; Thu, 20 Oct 2011 16:39:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.279
X-Spam-Level:
X-Spam-Status: No, score=-2.279 tagged_above=-999 required=5 tests=[AWL=-0.280, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7j0oLZtWoE-0 for <v6ops@ietfa.amsl.com>; Thu, 20 Oct 2011 16:39:53 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) by ietfa.amsl.com (Postfix) with ESMTP id 552DB1F0C43 for <v6ops@ietf.org>; Thu, 20 Oct 2011 16:39:53 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.pao1.isc.org (Postfix) with ESMTPS id D7134C9423; Thu, 20 Oct 2011 23:39:40 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:6233:4bff:fe01:7585]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id B54FD216C6A; Thu, 20 Oct 2011 23:39:37 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 7089615AB57F; Fri, 21 Oct 2011 10:39:32 +1100 (EST)
To: Jared Mauch <jared@puck.nether.net>
From: Mark Andrews <marka@isc.org>
References: <4E974F1A.2030008@forthnetgroup.gr><5B6B2B64C9FE2A489045EEEADDAFF2C3030A4156@XMB-RCD-109.cisco.com><5B6B2B64C9FE2A489045EEEADDAFF2C303130390@XMB-RCD-109.cisco.com><4E98CCB2.2050100@forthnetgroup.gr><5B6B2B64C9FE2A489045EEEADDAFF2C3031303D8@XMB-RCD-109.cisco.com><4E994515.6020204@forthnetgroup.gr><5B6B2B64C9FE2A489045EEEADDAFF2C303130B54@XMB-RCD-109.cisco.com><5B6B2B64C9FE2A489045EEEADDAFF2C303130C12@XMB-RCD-109.cisco.com><4E9E8706.6050006@forthnetgroup.gr><39D5D616-6E56-46B1-B773-437184567E60@employees.org><CAKD1Yr3SRRjk4fjg1WkUZSQ6rRT2+dY5p-wjtEiA5SFvx4kqGA@mail.gmail.com><0F5D8352-7A20-46BF-867B-DBBF36CF0B01@apple.com><4EA04F5F.1010809@unfix.org> <18D34AC6-ABD2-48CB-8F33-EEBEB9BF8263@puck.nether.net> <5B6B2B64C9FE2A489045EEEADDAFF2C3031FD29C@XMB-RCD-109.cisco.com> <46726B00-1592-4F0B-9E95-960D1645E6D8@puck.nether.net>
In-reply-to: Your message of "Thu, 20 Oct 2011 14:13:23 EDT." <46726B00-1592-4F0B-9E95-960D1645E6D8@puck.nether.net>
Date: Fri, 21 Oct 2011 10:39:32 +1100
Message-Id: <20111020233932.7089615AB57F@drugs.dv.isc.org>
Cc: IPv6 Operations <v6ops@ietf.org>, draft-ietf-v6ops-6204bis@tools.ietf.org
Subject: Re: [v6ops] new draft: draft-ietf-v6ops-6204bis
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 23:39:54 -0000
In message <46726B00-1592-4F0B-9E95-960D1645E6D8@puck.nether.net>, Jared Mauch writes: > > On Oct 20, 2011, at 1:52 PM, Hemant Singh (shemant) wrote: > > > > > -----Original Message----- > > From: v6ops-bounces@ietf.org [mailto:v6ops-bounces@ietf.org] On Behalf > > Of Jared Mauch > > Sent: Thursday, October 20, 2011 12:50 PM > > To: Jeroen Massar > > Cc: IPv6 Operations; draft-ietf-v6ops-6204bis@tools.ietf.org > > Subject: Re: [v6ops] new draft: draft-ietf-v6ops-6204bis > > > > > >> This is a long war against the firewall culture that we are unlikely to > > win. The less clued out there continue to set local security policies > > in a way that >break and inhibit the proper use of technology. While > > this may seem defeatist, we should certainly continue to educate these > > folks. > > > > See RFC 4890, section 4.3.1. > > > > Hemant > > Yeah, but try to make someone who says "i'm from IT/Security" i'm here to hel > p read/know what a RFC is. > > Lost cause in most cases. These are the same folks who think that TCP/53 is > just for zone transfers and will keep their head in the sand about dnssec/edn > s0 too. If you block PTB you get slow connections. If you block DNS responses > 512 bytes you get slow DNS lookups. If you block fragmented UDP you get slow DNS lookups. If you block TCP/53 you get DNS lookup failures. All of these are very noticable when they are occuring. On the DNS side of things (the last 3) these are usually self inflicted and can be self corrected. Even Microsoft now accepts TCP/53 to their servers though it took several years of complaints. When I've encounted web sites that block PTB I've usually been able to get the problem fixed. For TCP/53 there is now a RFC that make TCP/53 a MUST, overriding the stupid SHOULD on RFC 1123. People do correct these sorts of faults. I see this being done regularly. Yes, it is a slow process. As for TCP/53, *all* of the root servers are currently sending out incorrect referral for COM/NET etc as they are, incorrectly, dropping glue records. Only additional data is supposed to be dropped and while glue is in the additional section it is *not* additional data. This behaviour can cause referrals to fail. GOV experienced such failures a couple of months back and the solution was to upgrade the servers to ones that set TC=1 when glue doesn't fit when the glue matched the query. Upgrading the root servers to alway set TC=1 when glue doesn't fit will fix the TCP/53 isn't required myth. Some of them already set TC=1 when the glue matches the query and it doesn't fit. Mark > - jared > _______________________________________________ > v6ops mailing list > v6ops@ietf.org > https://www.ietf.org/mailman/listinfo/v6ops -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- [v6ops] new draft: draft-ietf-v6ops-6204bis fred
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis STARK, BARBARA H
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis STARK, BARBARA H
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Simon Perreault
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis STARK, BARBARA H
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ole Troan
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis christian.jacquenet
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Simon Perreault
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis François-Xavier Le Bail
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Stuart Cheshire
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis christian.jacquenet
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Stuart Cheshire
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti
- [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Doug Barton
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Fred Baker
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ole Troan
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Weil, Jason
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis STARK, BARBARA H
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Victor Kuarsingh
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ole Troan
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tassos Chatzithomaoglou
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Maglione Roberta
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Wes Beebee
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis STARK, BARBARA H
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Wes Beebee
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Alain Durand
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Reinaldo Penno
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis christian.jacquenet
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ole Troan
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Tina TSOU
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Reinaldo Penno
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis mohamed.boucadair
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Jeroen Massar
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Jared Mauch
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Jeroen Massar
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Dan Wing
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Jared Mauch
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Mark Andrews
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis james woodyatt
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ray Hunter
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Washam Fan
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Hemant Singh (shemant)
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis SM
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Ray Hunter
- Re: [v6ops] new draft: draft-ietf-v6ops-6204bis Lorenzo Colitti