"Kevin Oberman" <oberman@es.net> writes:
He said that if the protocols would not handle blocked 53/tcp, the protocols would have to be changed. Opening the port was simply not open to discussion.
Do they also believe that all DNS replies are less than 512 bytes? :-)
Sure, why not. The phrase "simply not open to discussion" in this context can be accurately read as "we were told this was good, but couldn't possibly defend the line of reasoning since we have no clue what it was." It's like debating PMTU brokenness with someone who feels that blocking all ICMP is a Really Smart Clever Good Thing To Do, because someone told them all about evil ICMP. Sometimes, the happiest solution is to let the pain rain.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam (CNN)
With 24 million small businesses in the US alone, that's way too many apples.