[dns-operations] happy september!
John Kristoff
jtk at depaul.edu
Wed Sep 7 03:57:44 UTC 2016
On Tue, 6 Sep 2016 19:16:35 +0000
Jared Mauch <jared at puck.nether.net> wrote:
> If you have ideas of network[ing] related myths we need to better
> communicate, I’m interested in hearing your ideas.
I started a thread based on this idea on NANOG a few years back. I
never ended up putting the list together, but here are a few common and
easy ones:
* Referring to a /24 prefix as a class C (or /16 as a B, /8 as an A).
* DNS over TCP is for zone transfers only.
* All ICMP packets pose a security risk and should be blocked.
* Forward and reverse paths are symmetric.
* Private addressing and NAT are necessary for security.
* When DNS resolvers need to look up a name such as foo.example.net,
they first ask a root server for the address of .net.
* UDP = Unreliable Datagram Protocol.
* Fewer traceroute hops = faster / shorter / closer.
* A /24 contains 254 addresses.
* Servers are always best protected with stateful firewalls.
* Ethernet autonegotiation is best disabled.
* RFCs are standards.
* Collisions on shared Ethernet are bad.
John