Re: DNS zone transfer

From: Valdis.Kletnieksat_private
Date: Sun Jun 09 2002 - 18:33:31 PDT

    On Sun, 09 Jun 2002 16:18:38 PDT, David Schwartz said:
    
    > 	They can't filter port 53/tcp if they are authoritative for any domains.
    > Support for TCP queries is not optional.
    
    You'd be AMAZED at how many sites don't let a small thing like standards
    stand in the way of doing something stupid - top of my pet peeve list
    most weeks are sites that reject SMTP 'MAIL FROM:<>' and sites that number
    their point-to-point links out of RFC1918 space and then wonder why
    path MTU Discovery breaks when a site that implements proper martian
    filtering tries to talk to them.  There's a nice IETF draft about other
    stupidity being seen on the net here:
    
    http://www.ietf.org/internet-drafts/draft-floyd-tcp-reset-04.txt
    
    Security implication:  Well, if your site insists on advertising its
    rampant cluelessness.... ;)
    
    
    -- 
    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
    
    
    
    


