> Dear WG,
>
> RSSAC and SSAC are soliciting feedback on firewall behaviour against response
> s
> to "priming queries": <http://www.icann.org/committees/security/sac016.htm>.
>
> In this context it might be useful to define "priming queries" and the
> technical expectations from the resolver author and/or operator perspective.
>
> -Peter
While not crucial to the "priming queries" issue this should
be extend to cover NAT boxes and their handling of out of
order fragmented responses.
It would be useful to have a additional column in the table
which specifies the maximum fragemented UDP response those
firewalls support.
Could the test box please be configured to specify a minimum
IPv4 mtu on the interface in question. This will verify that
the firewalls in question do correctly handle fragmented UDP
responses. It would be nice if the first fragment could be
sent last, perhaps a second box could delay the initial fragment
by 20 ms or so.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
