Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt


On Oct 2, 2007, at 1:41 AM, Mark Andrews wrote:

Someone should talk to ucdavis.edu and get this idiocy pulled.


And NIST, and many many others..

	Because there are lots of recursive and authoritative
	nameservers out there behind firewalls that get it right.

	I've seen many more complaints about UDP packets > 512 bytes
	being blocked than complaints about fallback to TCP failing.

	Most people actually do the right thing without thinking
	about it.  The allow TCP out to anything this includes DNS
	servers.

	Most allow both UDP and TCP in to their nameservers.  This
	is the silent majority.


Again, any pointers empirical data along these lines would
be appreciated.

-danny

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt
  - From: John Kristoff

References:
- Re: [secdir] secdir review of draft-ietf-dnsop-reflectors-are-evil-04.txt
  - From: Mark Andrews

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.