[dns-operations] L-Root Maintenance 2010-01-27 1800 UTC - 2000 UTC
vixie at isc.org
Wed Feb 3 13:41:33 UTC 2010
> Date: Wed, 3 Feb 2010 11:02:44 +0100
> From: Phil Regnauld <regnauld at nsrc.org>
> Paul Vixie (vixie) writes:
> > (there's a semi-private mailing list where this proposal is being
> > discussed, and a BSD kernel implementor is needed, william has running
> > code for linux but we want to do some multi-implementor interop testing.
> > if you're seriously interested in pursuing this approach, send me e-mail
> > and i'll add you to the mailing list where this is getting discussed.)
> How likely is it that this will break completely with today's
> existing stateful inspection packet filters ?
so far so good. surprisingly few stateful firewalls blast away TCP options
especially the ones that require an extension that puts some of them where
the payload usually is.
in testing thus far, this stuff gets through when UDP/53 does not and when
a new protocol like SCTP (which i'd otherwise have preferred) would not.
> Remember, the center of hourglass model is now HTTP :)
yeah, everybody's a middleman now. and i'm feeling extremely... monetized.
More information about the dns-operations