nanog mailing list archives
Re: I don't need no stinking firewall!
From: Tony Finch <dot () dotat at>
Date: Wed, 6 Jan 2010 14:39:19 +0000
On Tue, 5 Jan 2010, Kevin Oberman wrote:
I suspect at least part of this will soon get fixed due to DNSSEC. Blocking tcp/53 and packets over 512 bytes will cause user complaints and, after enough education, the problem will get fixed.
Yes. Remember the root zone is due to be signed within the next six months, and many nameservers (BIND in particular) request DNSSEC data by default. You WILL have to deal with large DNS replies SOON - the first ones from the root servers will appear this month. http://www.root-dnssec.org/ Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
Current thread:
- I don't need no stinking firewall! Brian Johnson (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Simon Lockhart (Jan 05)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Jared Mauch (Jan 05)
- Re: I don't need no stinking firewall! Kevin Oberman (Jan 05)
- Re: I don't need no stinking firewall! Tony Finch (Jan 06)
- Re: I don't need no stinking firewall! Brielle Bruns (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- Re: I don't need no stinking firewall! Jonathan Lassoff (Jan 05)
- Re: I don't need no stinking firewall! Dobbins, Roland (Jan 05)
- RE: I don't need no stinking firewall! George Bonser (Jan 05)
- Re: I don't need no stinking firewall! James Hess (Jan 05)
- Re: I don't need no stinking firewall! William Pitcock (Jan 06)