[dns-operations] charter, sitefinder, opendns (slashdot today)
David Ulevitch
davidu at everydns.net
Fri Feb 16 07:45:32 UTC 2007
Paul Vixie wrote:
>> This is not true. ISPs are actively considering blocking 53 and no
>> rationale for that exists.
>
> i think they have a rationale. maybe they want to make money fast. or
> maybe they want the dns transactions to go through a bothunting IDS.
Your first example says they should modify their customers resolvers.
Your second example says they should passively tap their customers
resolvers.
Neither says they should restrict port 53. There's only one example
that could justify blocking port 53 and it's not a very good one because
the bad guys will just switch ports.
>> Historically, and not for better, but for worse, irrational actions
>> generate irrational responses.
>>
>> Let's not let that happen.
>
> i've been standing in the water up to my waist trying to hold back that tide.
> so, i'm not sure what you mean by "not let".
We could start by putting together some policy or BCPs that explain why
blocking 53 doesn't solve any issues but creates more complexity, arms
races, and overall brokenness in the Internet.
-david
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list