[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10

Carsten Strotmann carsten at strotmann.de
Mon Jun 6 17:05:23 UTC 2016


On 06/06/16 17:51, Peter van Dijk wrote:
> As for the NAT argument I read somewhere in the thread, yes, NAT often
> demolishes your randomised ports.

I did a DNS compliance test of CPE Router (Cable and DSL) for a provider
recently, and I can say that most modern CPE devices tested with NAT44
still keep UDP port randomization (tested with the DNS-OARC port
randomization test).

So this might be less of an issue in the future.


P.S.: there are still important problems with CPEs, such as blocking DNS
over TCP, mangling EDNS requests, only allowing a subset of the RFC
1034/1035 RR-Types through (and none of the more modern ones) ...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160606/2be9c16b/attachment.sig>

More information about the dns-operations mailing list