

To: Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
cc: dnsop@cafax.se
From: "Donald E. Eastlake 3rd" <dee3@torque.pothole.com>
Date: Tue, 26 Feb 2002 11:10:09 -0500
In-reply-to: Your message of "Tue, 26 Feb 2002 15:18:20 +0100." <20020226151820.A9474@Space.Net>
Sender: owner-dnsop@cafax.se
Subject: Re: Minneapolis - agenda items please.


From:  Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
Date:  Tue, 26 Feb 2002 15:18:20 +0100
To:  dnsop@cafax.se
Message-ID:  <20020226151820.A9474@Space.Net>
References:  <Pine.SOL.4.33.0202210933410.9569-100000@virgo.cus.cam.ac.uk> <ilu1yf9xhnh.fsf@josefsson.org>
In-Reply-To:  <ilu1yf9xhnh.fsf@josefsson.org>; from simon+dnsop@josefsson.org on Tue, Feb 26, 2002 at 12:31:46AM +0100
Organization:  SpaceNet AG, Muenchen, Germany
X-PGP-Fingerprint:  66 F3 75 79 01 D0 B8 5F  1A C7 77 88 4A B6 70 DF

>On Tue, Feb 26, 2002 at 12:31:46AM +0100, Simon Josefsson wrote:
>> see how it harms anyone else but the people that put incorrect
>> information in their own DNS zones.
>
>...

Re below: not just universities. When I was at Digital Equipment Corp,
there were cases of internal areas firewalled off from the rest of the
corporate net which was firewalled from the Internet. It was common
for the first MX to be for direct delivery, one or more second
priority to be for delivery to mail servers on the inner firewall, and
then several third priority for delivery to the main Digital firewall.
An outside mail sender would thus have to always go through a number
of MXes before getting one that they could connect to. But this didn't
seem to cause much problem. I'm sure that, over the years, millions of
pieces of mail were delivered this way.

Donald

>Another example is section
>     6.3 SMTP servers behind firewalls
>I know a lot of e.g. universities do this. Their faculties are somewhat
>independent and want to maintain their own DNS and Mailservers, but
>they have zillions of relay open workstations. So the computing staff
>blocks port 25 incoming on the border routers and forces the departments to
>add a lower priority MX gate.university. That way they don't have to maintain
>static routing tables on the mailserver as gate.university delivers
>via MX and does "the right thing". However this has a big impact
>on the sending mailservers, as they never can reach the best prio MX,
>time out and then backup. So it doesn't harm the DNS maintainers but
>people that try to send email to that destination.
>
>> Of course, the contents of the draft are good and everyone should
>> understand and follow it, but doesn't everyone already?  Is there any
>> point in caring about the people that don't?
>
>Yes. Some people simply don't think of consequences or are too inexperienced.
>Developers of software (e.g. mailservers) have a document of "bad things"
>that can happen and may put workarounds in.
>Thus I think it fits pretty well as a companion to
>    1178 Choosing a Name for Your Computer
>    1536 Common DNS Implementation Errors and Suggested Fixes
>    1713 Tools for DNS debugging
>    1912 Common DNS Operational and Configuration Errors
>    2182 Selection and Operation of Secondary DNS Servers
>
>
>	\Maex
>
>-- 
>SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
>Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
>"The security, stability and reliability of a computer system is reciprocally
> proportional to the amount of vacuity between the ears of the admin"
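
The two accounts in this thread (senders "time out and then backup" versus delivery through several MXes that "didn't seem to cause much problem") can be compared with a small model of a sending MTA walking the MX set. This is an added example, not part of either message; the hostnames, preference values, the 30-second connect timeout and the drop-versus-reject distinction are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MX:
    preference: int  # lower value is tried first
    host: str

# Constructed zone modelled on the three tiers described in the message.
ZONE = [
    MX(10, "mail.lab.example.com"),      # direct delivery, behind both firewalls
    MX(20, "relay1.inner.example.com"),  # on the inner firewall
    MX(20, "relay2.inner.example.com"),
    MX(30, "gw1.example.com"),           # on the main firewall
    MX(30, "gw2.example.com"),
]

def deliver(mx_records, policy, connect_timeout=30.0):
    """Walk the MX set in preference order as a sending MTA would.

    policy maps host -> "accept", "reject" (firewall answers with a TCP
    reset, so the attempt fails at once) or "drop" (packets discarded, so
    the sender waits out connect_timeout). Unlisted hosts count as "drop".
    Returns (accepting host or None, hosts tried and failed, seconds lost).
    """
    failed, lost = [], 0.0
    # Real MTAs randomise among equal preferences; sorting by name keeps
    # this example deterministic.
    for mx in sorted(mx_records, key=lambda r: (r.preference, r.host)):
        verdict = policy.get(mx.host, "drop")
        if verdict == "accept":
            return mx.host, failed, lost
        failed.append(mx.host)
        if verdict == "drop":
            lost += connect_timeout
    return None, failed, lost

def outside_view(filtered):
    """Policy seen from the Internet: only the main-firewall MXes accept."""
    policy = {mx.host: filtered for mx in ZONE if mx.preference < 30}
    policy.update({mx.host: "accept" for mx in ZONE if mx.preference == 30})
    return policy

if __name__ == "__main__":
    for mode in ("drop", "reject"):
        host, failed, lost = deliver(ZONE, outside_view(mode))
        print(f"{mode}: via {host} after {len(failed)} failures, {lost:.0f}s lost")
```

With silent drops the outside sender loses 90 seconds per message before reaching a usable MX; with resets it loses none, although it still makes three failed attempts.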
