

To: Kandra Nygårds <kandra@foxette.net>
Cc: dnsop@cafax.se
From: Ed Sawicki <ed@alcpress.com>
Date: 21 Feb 2003 11:24:28 -0800
In-Reply-To: <05cd01c2d9d7$b681a160$0ef2a8c0@amalthea>
Sender: owner-dnsop@cafax.se
Subject: Re: Why one port?

On Fri, 2003-02-21 at 10:33, Kandra Nygårds wrote:
> From: "Ed Sawicki" <ed@alcpress.com>
> 
> > I'm wondering why there is only one UDP port assigned to the DNS
> > protocol? It prevents us from using both an iterative name
> > server and a recursive name server/cache on the same computer
> > when only one IP address is available.
> 
> Presumably so that clients would not have to guess what port to use.

I'm not sure if you intended this as humor. If you didn't, why was
FTP assigned two ports without clients getting confused?

> It does make some sense in allowing a user-configurable port, but it makes
> (IMHO) a lot more sense in sticking to a single DNS-port.

I never suggested that we need a user-configurable port. We need
a fixed UDP port for our recursive name servers/caches.

> 
> I have to wonder, why are you only able to use a single IP-address? Is it a
> provider limitation? Get a real provider. OS limitation? Application
> limitation? In either case, I'd recommend running the resolver on a separate
> machine. If security is your concern, it makes even more sense,

Many people are using /28 and /29 nets and some have only a single
IP address assigned to them by, in some cases, the only ISP in town.
Yet, they want to take control of their DNS _and_ not be prone to
attacks such as cache poisoning. Why should they be forced to use
up two precious or non-existent IP addresses when the limitation
is really artificial?

> and you don't have to rewrite the Internet to do it.

This seems to be a popular theme here. I see it as an exaggeration.

> - Kandra
> 
> 
> 
> #----------------------------------------------------------------------
> # To unsubscribe, send a message to <dnsop-request@cafax.se>.
-- 
Ed Sawicki <ed@alcpress.com>
ALC
