regnauld@catpipe.net (Phil Regnauld) writes:
Case in point, we've got customers running around in circles screaming "we need to upgrade, please help us upgrade NOW", but they have _3_ layers of routers and firewalls that are hardcoded to only allow DNS queries from port 53.
please take this problem, and all related threads, to <dns-operations@lists.oarci.net>. this is NANOG. there are plenty of people on that other mailing list willing to help and interested in helping with DNS issues. fwiw, we all know that udp port randomization isn't a panacea and that it will break many previously-working configurations. we just don't know what else to do NOW while we wait for godot or whomever to deliver us DNSSEC. -- Paul Vixie -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.