[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.10
Carsten Strotmann
carsten at strotmann.de
Mon Jun 6 17:05:23 UTC 2016
Hi,
On 06/06/16 17:51, Peter van Dijk wrote:
>
> As for the NAT argument I read somewhere in the thread, yes, NAT often
> demolishes your randomised ports.
I did a DNS compliance test of CPE Router (Cable and DSL) for a provider
recently, and I can say that most modern CPE devices tested with NAT44
still keep UDP port randomization (tested with the DNS-OARC port
randomization test).
So this might be less of an issue in the future.
Carsten
P.S.: there are still important problems with CPEs, such as blocking DNS
over TCP, mangling EDNS requests, only allowing a subset of the RFC
1034/1035 RR-Types through (and none of the more modern ones) ...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160606/2be9c16b/attachment.sig>
More information about the dns-operations
mailing list