On Sun, 09 Jun 2002 16:18:38 PDT, David Schwartz said: > They can't filter port 53/tcp if the are authoritative for any domains. > Support for TCP queries is not optional. You'd be AMAZED at how many sites don't let a small thing like standards stand in the way of doing something stupid - top of my pet peeve list most weeks are sites that reject SMTP 'MAIL FROM:<>' and sites that number their point-to-point links out of RFC1918 space and then wonder why path MTU Discovery breaks when a site that implements proper martian filtering tries to talk to them. There's a nice IETF draft about other stupidity being seen on the net here: http://www.ietf.org/internet-drafts/draft-floyd-tcp-reset-04.txt Security implication: Well, if your site insists on advertising its rampant cluelessness.... ;) -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 11:55:04 PDT