Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: NNPS / TCP port 433 (Grant Taylor)
----------------------------------------------------------------------
Message: 1
Date: Sun, 12 Dec 2021 11:03:07 -0700
From: Grant Taylor <[email protected]>
To: [email protected]
Subject: Re: NNPS / TCP port 433
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
On 12/12/21 10:50 AM, Russ Allbery wrote:
> I think email clients mostly use manual configuration, even. I've
> yet to work somewhere where the email servers were autodiscovered.

I've pondered supporting auto-configuration for my email server. But
then again, I've always considered it as somewhat of a bullseye on the
side of the barn in the form of "the service you're wanting to attack is
over there". But as I type this, the barn door is open when services
are on their default port.

I do see some value in SRV records for things like SSH and moving it to
an alternate port. But I don't think I'd want those SRV records to be
globally available. :-/

> The most natural way to use SRV records, particularly across protocols,
> is to ask DNS for the values of all the SRV records in question and
> then sort and apply logic to them within the client.

Ya. I think that's my primary concern with multi-protocol SRV records.
You must make multiple DNS queries, one for each protocol.

Aside: My SVCB example could have been compacted to a single query with
target information provided in additional info.

> That's what Kerberos does, for example. It unfortunately means
> handling the DNS lookups directly in the client and not outsourcing
> them to a program like netcat or telnet that isn't aware of what
> protocol you're using.

Yep. The lack of retrofitting is one of the holdups for me.

--
Grant. . . .
unix || die
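
The client-side handling discussed in this message (one SRV query per protocol, then sorting and applying logic in the client), as an added example that is not from either poster or from INN. It assumes the answers were already fetched by one DNS query per service; the `_nntps._tcp` / `_nntp._tcp` labels, the `news.example` hosts and the `Srv` / `connection_plan` names are constructed for illustration, and the ordering follows RFC 2782.

```python
import random
from typing import NamedTuple

class Srv(NamedTuple):
    service: str    # owner label pair, e.g. "_nntps._tcp" (assumed labels)
    priority: int
    weight: int
    port: int
    target: str

def order_rfc2782(records, rng=random):
    """Order one SRV set: lowest priority first, weighted-random within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        group.sort(key=lambda r: r.weight != 0)   # weight-0 records go first
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:               # first record reaching the pick
                    ordered.append(group.pop(i))
                    break
    return ordered

def connection_plan(answers, preference, rng=random):
    """answers maps service -> SRV set (one DNS query each); preference is the
    client's own service order, e.g. TLS before plaintext."""
    plan = []
    for service in preference:
        records = answers.get(service, [])
        # RFC 2782: a lone record with target "." means "service not offered here".
        if len(records) == 1 and records[0].target == ".":
            continue
        plan += [(r.service, r.target.rstrip("."), r.port)
                 for r in order_rfc2782(records, rng)]
    return plan

# Constructed sample answers for news.example (not real DNS data).
ANSWERS = {
    "_nntps._tcp": [Srv("_nntps._tcp", 20, 0, 563, "backup.news.example."),
                    Srv("_nntps._tcp", 10, 5, 563, "news.example.")],
    "_nntp._tcp": [Srv("_nntp._tcp", 0, 0, 0, ".")],
}

if __name__ == "__main__":
    for step in connection_plan(ANSWERS, ["_nntps._tcp", "_nntp._tcp"]):
        print(step)
```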
End of inn-workers Digest, Vol 136, Issue 4
*******************************************