Re: ISPs blocking port 53? (was Re: Annoying dynamic DNS updates)
> How should an ISP tell the difference between "good" DNS packets and "bad" DNS packets?
the bad ones are the ones people complain about.
> You aren't complaining about your dynamic update packets or even all dynamic updates. You are complaining about someone sending you packets you don't want. And more precisely, you are complaining that Comcast is failing to send you other packets you want to receive, i.e. a response to your e-mail packets.
yup. where "packets i do not want" could as easily be ddos ("zwil") or spam.
> I've been thinking how to use ICMP to signal different types of responses; and even how "smart" edges on both ends of a communication could establish and enforce policies. Most of these are non-malicious communications involving misconfigured systems. Edge communications avoids problems with the host system, but has problems with multi-path communications and source validation.
the whole end-to-end argument depends on uniform clue distribution for scale.
On Sun, 28 Sep 2003, Paul Vixie wrote:
>> I've been thinking how to use ICMP to signal different types of responses; and even how "smart" edges on both ends of a communication could establish and enforce policies. Most of these are non-malicious communications involving misconfigured systems. Edge communications avoids problems with the host system, but has problems with multi-path communications and source validation.
> the whole end-to-end argument depends on uniform clue distribution for scale.
The current method of complaining to an ISP doesn't scale very well either. As you observed in your previous message, supporting 10,000 or ten million customers has many poor scaling properties. Especially if you have to fix issues on a case-by-case basis. Getting vendors to supply more appropriate defaults offers better scaling possibilities. Your complaint might fix one user's computer, Microsoft updating the default behavior would fix tens of millions of users' computers. Which scales better?

If software didn't do dumb things by default, we wouldn't have to fix the software one customer at a time. If BIND, ISC DHCP and Windows shipped by default with "safe" settings, and did a better job of telling the person who can fix the problem that there is a problem, would there be fewer problems? How can a Windows system have a fatal error every hour for days and months, and the user not be aware of it until someone else calls them? If Dynamic DNS Update is so critical that Microsoft feels the need to enable it by default, why doesn't Microsoft pop an error dialog window on the user's machine every time it fails? Then the user could decide to fix the problem, or stop doing it. If the user doesn't know there is a problem, why should he fix it?
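The thread's complaint is that a misconfigured host retries a rejected dynamic update every hour for months and nobody notices. From the receiving side, the repetition is exactly what makes the problem detectable. The script below is an added example, not code from the thread or from ISC: it parses "update denied" lines in the style of BIND's log (the line format, timestamp format and all sample addresses are constructed assumptions), groups rejected updates by client address, and reports the clients that keep retrying, so an operator can see who to contact instead of waiting for a complaint.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed line shape, modelled on BIND's "update denied" message:
#   <timestamp> client <ip>#<port>: update '<zone>/IN' denied
# Adjust the pattern if your named.conf logging channel prints differently.
DENIED_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?P<ip>[\d.]+)#\d+: update '(?P<zone>[^/']+)/IN' denied$"
)
TS_FORMAT = "%d-%b-%Y %H:%M:%S.%f"

# Constructed sample log (not from the thread): one host retries hourly,
# one host tried once, and one unrelated query-refused line is ignored.
SAMPLE_LOG = """\
28-Sep-2003 10:00:01.123 client 192.0.2.10#1033: update 'example.net/IN' denied
28-Sep-2003 11:00:02.456 client 192.0.2.10#1035: update 'example.net/IN' denied
28-Sep-2003 12:00:01.789 client 192.0.2.10#1040: update 'example.net/IN' denied
28-Sep-2003 12:15:00.000 client 198.51.100.7#2048: update 'example.net/IN' denied
28-Sep-2003 12:16:00.000 client 198.51.100.7#2049: query (cache) 'www.example.com/A/IN' denied
"""


def parse_denied_updates(text):
    """Return a list of (timestamp, client_ip, zone) for each rejected update.

    Lines that are not dynamic-update rejections (e.g. refused queries) are
    skipped rather than treated as errors.
    """
    events = []
    for line in text.splitlines():
        m = DENIED_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), TS_FORMAT)
        events.append((ts, m.group("ip"), m.group("zone")))
    return events


def repeat_offenders(events, min_attempts=3):
    """Group rejected updates by client and keep clients at or above the threshold.

    Returns {client_ip: {"count": n, "zones": sorted zone names,
                         "span_hours": hours between first and last attempt}}.
    A high count over a long span is the signature of a host that is
    misconfigured and retrying, as opposed to a one-off mistake.
    """
    by_ip = defaultdict(list)
    for ts, ip, zone in events:
        by_ip[ip].append((ts, zone))

    report = {}
    for ip, attempts in by_ip.items():
        if len(attempts) < min_attempts:
            continue
        times = sorted(ts for ts, _ in attempts)
        span = (times[-1] - times[0]).total_seconds() / 3600.0
        report[ip] = {
            "count": len(attempts),
            "zones": sorted({zone for _, zone in attempts}),
            "span_hours": round(span, 2),
        }
    return report


if __name__ == "__main__":
    for ip, info in repeat_offenders(parse_denied_updates(SAMPLE_LOG)).items():
        print(f"{ip}: {info['count']} denied updates for {info['zones']} "
              f"over {info['span_hours']} hours")
```

Run against a real named log, the threshold and the observed span separate a host that retries on a timer (the case Sean describes) from a user who mistyped a zone once; the former is the one worth a notice to the customer or a default-settings bug report to the vendor.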
participants (2)
- Paul Vixie
- Sean Donelan