In message <CAAAwwbXPpNEU_aKgUe=9Si2ZaYn30+NmrHOsV2t4AG5fUEtUHw@mail.gmail.com> , Jimmy Hess writes:
On Mon, Mar 5, 2012 at 6:09 PM, Justin M. Streiner <streiner@cluebyfour.org> wrote:
Admittedly we (the 'network guys') don't always make it easy for them. RFCs get obsoleted by newer RFCs, but the newer RFCs might still reference items from the original RFC, etc. This can turn into developing for something
Yes, this is problematic. The preferred result should be one specification for each protocol, with references only for optional extensions.
Other common, but misguided assumptions (even in 2012):
1. You will be using IPv4. We have no idea what this IPv6 nonsense is. Looks complicated and scary.
2. 255.255.255.0 is the only valid netmask.
3. You are using Internet Explorer, and our web management interface has ActiveX controls that require you to do so.
4. You will be assimilated. Resistance is futile.
Add some additional misguided assumptions:
(5) Any IP address whose first octet is 192. or 1. is a private IP.
(6) Any IP address whose first octet is not 192. is not a valid LAN IP.
(7) Any IP address whose last octet is .0 is an invalid IP host address
(8) Any IP address whose last octet is .255 is an invalid IP host address
(9) If my DNS service supports DNSSEC validation, even with no trust anchors configured, it's cool to go ahead and send all queries with the CD and DO bits set to 1 and perform no validation; it's even cooler if I only support SHA1 keys and no RSA/SHA-256.
Setting DO to 1 is fine. CD however should be zero unless CD was one on the request.
(10) Everyone enters their NTP, and AD servers by IP address, so it is best to have a textbox that only allows IPs, not hostnames.
(11) Nobody actually uses SRV records, so don't bother looking for them.
(12) Once a DNS lookup has been performed, the IP never changes, so it makes sense to keep this in memory until we reboot.
(13) Nobody has more than 1 recursive DNS server, 1 NTP server, 1 LDAP server, 1 Syslog server, and 1 SNMP management station; so a single IP entry text box for each will suffice.
(14) Nobody has more than 2 recursive DNS servers, so just allow only 2 to be entered.
(15) 30 seconds per resolver seems like a good timeout for DNS queries, so no need for a configurable timeout; just try each server sequentially, make the UI hang, the user will be happy to wait 5 minutes; also make the service provided by the device temporarily stop -- users like it when their devices stop working, to remind them to get their first DNS server back up.
(16) The default gateway's IP address is always 192.168.0.1
(17) The user portion of E-mail addresses never contains special characters like "-" "+" "$" "~" "." ",", "[", "]"
(18) DNS doesn't use TCP so I won't forward it.
(19) I only need to offer 1 DNS server though I learnt 3 from upstream and they all have different characteristics.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
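
The flag handling from item (9) and the reply to it, as an added example that is not part of the original thread: a non-validating forwarder sets DO on the upstream query and copies CD from the client instead of forcing it on. The function names, the 1232-byte EDNS buffer size and the sample query are assumptions made for illustration, and any OPT record sent by the client is dropped and rebuilt.

```python
import struct

CD_BIT = 0x0010   # header flag: Checking Disabled
DO_BIT = 0x8000   # EDNS flag in the OPT TTL field: DNSSEC OK
RD_BIT = 0x0100   # header flag: Recursion Desired
TYPE_OPT = 41

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n

def forward_query(client, udp_size=1232):
    """Upstream query for a non-validating forwarder: DO=1, CD copied from client."""
    ident, flags, qd, _, _, _ = struct.unpack("!6H", client[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(client, off) + 4          # QTYPE + QCLASS
    # Keep RD and the client's CD; never set CD on our own initiative.
    out_flags = flags & (RD_BIT | CD_BIT)
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, DO_BIT, 0)
    return struct.pack("!6H", ident, out_flags, qd, 0, 0, 1) + client[12:off] + opt

def read_bits(msg):
    """Return (CD, DO) for a query with no answer/authority RRs and OPT first."""
    _, flags, qd, _, _, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    do = False
    if ar:
        off = skip_name(msg, off)
        rtype, _, ttl, _ = struct.unpack("!HHIH", msg[off:off + 10])
        do = rtype == TYPE_OPT and bool(ttl & DO_BIT)
    return bool(flags & CD_BIT), do

def sample_query(name, cd):
    """Constructed client query (A/IN, RD=1) used as sample input."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    flags = RD_BIT | (CD_BIT if cd else 0)
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    for cd in (False, True):
        out = forward_query(sample_query("example.com", cd))
        print("client CD =", cd, "-> upstream (CD, DO) =", read_bits(out))
```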