

To: "Ed Sawicki" <ed@alcpress.com>
Cc: <dnsop@cafax.se>
From: Kandra Nygårds <kandra@foxette.net>
Date: Fri, 21 Feb 2003 20:45:10 +0100
Sender: owner-dnsop@cafax.se
Subject: Re: Why one port?

From: "Ed Sawicki" <ed@alcpress.com>

> I'm not sure if you intended this as humor. If you didn't, why was
> FTP assigned two ports without clients getting confused?

One control channel, one data channel, so to speak. You might have noticed
how the two assigned ports are called "ftp" and "ftp-data" respectively.


> > It does make some sense in allowing a user-configurable port, but it
> > makes (IMHO) a lot more sense in sticking to a single DNS-port.
>
> I never suggested that we need a user-configurable port. We need
> a fixed UDP port for our recursive name servers/caches.

Ah, in that case no. It makes no sense at all to use separate ports, just
like it makes no sense at all to use a different port for SMTP between mail
relays as between a client and server. It's the same protocol.


> Many people are using /28 and /29 nets and some have only a single
> IP address assigned to them by, in some cases, the only ISP in town.
> Yet, they want to take control of their DNS _and_ not be prone to
> attacks such as cache poisoning. Why should they be forced to use
> up two precious or non-existent IP addresses when the limitation
> is really artificial?

NAT or portforward to 1918-space, if you've no other option. However, I
still maintain that you should either pick a provider with clue, or find a
better solution. If you don't have a clueful ISP, use a colo-facility for
your authoritative servers (which, in itself, is a pretty good idea).

Question: how would running two instances of DNS software on the same
machine, using different ports, protect against cache poisoning?


> >and you don't have to rewrite the Internet to do it.
>
> This seems to be a popular theme here. I see it as an exaggeration.

The DNS protocol has worked quite well so far. I see no need to rewrite it
in order to enable users to perform less than clueful tasks.


- Kandra


