In message <CAAAwwbXPpNEU_aKgUe=9si2zayn30+nmrhosv2t4ag5fuet...@mail.gmail.com>
, Jimmy Hess writes:
> On Mon, Mar 5, 2012 at 6:09 PM, Justin M. Streiner
> <strei...@cluebyfour.org> wrote:
>
> > Admittedly we (the 'network guys') don't always make it easy for them. RF=
> Cs
> > get obsoleted by newer RFCs, but the newer RFCs might still reference ite=
> ms
> > from the original RFC, etc. =A0This can turn into developing for somethin=
> g
>
> Yes, this is problematic. The preferred result should be one specificati=
> on
> for each protocol, with references only for optional extensions.
>
> > Other common, but misguided assumptions (even in 2012):
> > 1. You will be using IPv4. =A0We have no idea what this IPv6 nonsense is.
> > Looks complicated and scary.
> > 2. 255.255.255.0 is the only valid netmask.
> > 3. You are using Internet Explorer, and our web management interface has
> > ActiveX controls that require you to do so.
> > 4. You will be assimilated. =A0Resistance is futile.
>
> Add some additional misguided assumptions:
>
> (5) Any IP address whose first octet is 192. or 1. is a private IP.
> (6) Any IP address whose first octet is not 192. is not a valid LAN IP=
> .
> (7) Any IP address whose last octet is .0 is an invalid IP host addres=
> s
> (8) Any IP address whose last octet is .255 is an invalid IP host addre=
> ss
>
> (9) If my DNS service supports DNSSEC validation, even with no trust an=
> chors
> configured, it's cool to go ahead and send all queries with
> the CD and DO bits
> set to 1
> and perform no validation; it's even cooler if I only
> support SHA1 keys and
> no RSA/SHA-256.
Setting DO to 1 is fine. CD however should be zero unless CD was one on
the request.
> (10) Everyone enters their NTP, and AD servers by IP address, so it
> is best to have a textbox that only allows IPs, not hostnames.
>
> (11) Nobody actually uses SRV records, so don't bother looking for them.
>
> (12) Once a DNS lookup has been performed, the IP never changes, so
> it makes sense
> to keep this in memory until we reboot.
>
> (13) Nobody has more than 1 recursive DNS server, 1 NTP server, 1
> LDAP server,
> 1 Syslog server, and 1 Snmp management station;
> so a single IP entry text box for each will suffice.
>
> (14) Nobody has more than 2 recursive DNS servers, so just allow
> only 2 to be entered.
>
> (15) 30 seconds per resolver seems like a good timeout for DNS queries, s=
> o no
> need for a configurable timeout; just try each server
> sequentially, make the
> UI hang, the user will be happy to wait 5 minutes; also make
> the service
> provided by the device temporarily stop -- users likes it
> when their devices
> stop working, to remind them to get their first DNS server back up.
>
> (16) The default gateway's IP address is always 192.168.0.1
> (17) The user portion of E-mail addresses never contain special
> characters like "-" "+" "$" "~" "." ",", "[", "]"
(18) DNS doesn't use TCP so I won't forward it.
(19) I only need to offer 1 DNS server though I learnt 3 from
upstream and they all have different characteristics.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
