On 19 Aug 2008, at 22:32, Dean Anderson wrote:
> On Mon, 18 Aug 2008, bert hubert wrote:
>>
>> What's the rush with deprecating DNS/TCP btw? It languished in the shade for
>> 25 years..
>
> TCP doesn't work with Anycast, as was stated in RFC1546.
I just returned from a week with no Internet
* Paul Vixie:
> better still, let's deprecate these bit patterns altogether for OP=QUERY:
>
> QTYPE=255
Breaks some sendmail versions and qmail.
> QCLASS=255
QCLASS != IN seems more reasonable to me.
> RA=1 AND RD=0
By the responder or the initiator?
> and let's also make e
On Mon, 18 Aug 2008, bert hubert wrote:
>
> What's the rush with deprecating DNS/TCP btw? It languished in the shade for
> 25 years..
TCP doesn't work with Anycast, as was stated in RFC1546. And Root
server operators are supposed to offer TCP to everyone, not just those
that use the stateless UD
> On Mon, Aug 18, 2008 at 01:45:43PM -0400, Brian Dickson wrote:
> > The problem, I think, is TCP itself, not TCP support within
> > implementations. E.g. resource limits per IP address (16 bits of port
> > number) don't scale to current-size Internet scale.
>
> It is possible to host >10 c
> Bad example. One of the reasons we don't see more crypto per default on
> web browsing is precisely the limitations of SSL/CA's on using SSL with
> virtual host web sites. I'd hardly call the lack of port 443 a success
> story.
we don't need a reason to deprecate tcp/53 beyond what's written in
On Mon, Aug 18, 2008 at 06:11:14PM -0400, Paul Wouters wrote:
> >It is possible to host >10 connections on 1 IP address and 1 port, and
> >this happens in practice. Think, again, of webservers, which all have to
> >listen on port 80, yet support lots of clients simultaneously.
>
> Bad example.
On Mon, 18 Aug 2008, bert hubert wrote:
On Mon, Aug 18, 2008 at 01:45:43PM -0400, Brian Dickson wrote:
The problem, I think, is TCP itself, not TCP support within
implementations. E.g. resource limits per IP address (16 bits of port
number) don't scale to current-size Internet scale.
It is po
> > what would it do if it had a TCP-forbidding firewall between it and its
> > RDNS?
>
> Dunno, but when PowerDNS had TCP bugs in its resolver code, all the
> complaints I got were from Exchange users.
they'll cope.
> What's the rush with deprecating DNS/TCP btw? It languished in the shade for
On Mon, Aug 18, 2008 at 07:49:20PM +, Paul Vixie wrote:
> > > so what does microsoft exchange do when it tries to talk to a tinydns
> > > service like everydns.net who doesn't implement TCP/53 at all?
> >
> > It doesn't need to - it speaks to resolvers.
>
> what would it do if it had a TCP-fo
On Mon, Aug 18, 2008 at 01:45:43PM -0400, Brian Dickson wrote:
> The problem, I think, is TCP itself, not TCP support within
> implementations. E.g. resource limits per IP address (16 bits of port
> number) don't scale to current-size Internet scale.
It is possible to host >10 connections on
> Paul's original proposal, C (if I interpret it correctly) applies to
> resolver<->authority-server communications, not stub<->resolver
> communications.
no, i was pretty much ruling them out period. especially (RA=1 AND RD=0).
however, i could accept a SHOULD NOT for ADNS vs. a SHOULD for
bert hubert wrote:
The server I mean by the way is microsoft exchange, which likes to do DNS
over TCP.
so what does microsoft exchange do when it tries to talk to a tinydns service
like everydns.net who doesn't implement TCP/53 at all?
It doesn't need to - it speaks to resolvers.
On Mon, Aug 18, 2008 at 07:20:16PM +, Paul Vixie wrote:
> > We've just had it easy over the past years, and it shows.
>
> it *can't* scale. laws of physics.
'When a distinguished but elderly scientist states that something is
possible, he is almost certainly right. When he states that someth
On Mon, Aug 18, 2008 at 05:27:24PM +, Paul Vixie wrote:
> TCP/53 a redheaded stepchild and its uses are all dangerous or unscalable.
> (that initiators do the close, and that responders have a minimum 2-minute
> timeout, says that any conformant implementation can be slapped down hard
> with a
bert hubert wrote:
On Mon, Aug 18, 2008 at 04:34:30PM +, Paul Vixie wrote:
and let's also make explicit that TCP is not to be used unless UDP returns
TC or unless QTYPE=AXFR or unless UDP QTYPE=IXFR returned only one SOA.
This means disabling one of the more widely used MTAs.
Cou
On Mon, Aug 18, 2008 at 04:34:30PM +, Paul Vixie wrote:
> and let's also make explicit that TCP is not to be used unless UDP returns
> TC or unless QTYPE=AXFR or unless UDP QTYPE=IXFR returned only one SOA.
This means disabling one of the more widely used MTAs. TCP is a first class
DNS citizen
[EMAIL PROTECTED] (Paul Hoffman) writes:
> At 4:46 PM +0200 8/18/08, Peter Koch wrote:
>>Of course, one might claim that anybody using ANY in any production system
>>(pun intended) gets what they deserve.
>
> Fully agree. Maybe a BCP document titled "Asking for ANY Considered
> Unwise" would be u
17 matches