On May 14, 2009, at 8:37 PM, Mark Andrews wrote:
[TLB:] I can think of an argument they might make: that it is/could
be
used by bots as a fallback. However, redirecting DNS/UDP fits the
model
of "providing a better service for the average user";
blocking/redirecting TCP is more likely to break things a savvy user
needs.
There is still no sane reason to block TCP. If they are
intercepting DNS/UDP then they need to also intercept DNS/TCP
as they will break all sites that cause "tc=1" to be set
in the DNS/UDP reply.
First, since when does it require a "sane" reason to do something?
Second, and more importantly, John is right. Sprint is a for-profit
business. If blocking UDP - or TCP or HTTP or whatever - makes them
more money than not blocking it, they will do it. And rightly so.
Of course, it is entirely possible management figured out blocking
"DNS" was more profitable because the cost savings in lower call
center volume more than offset the 4 people who dropped Sprint because
of the block. So they told engineers to 'block DNS' and the engineers
did that without knowing that blocking TCP port 53 was not more
profitable, and perhaps was less profitable. Miscommunications abound
between Engineering and Management. This should surprise few, and
hopefully no one on NANOG.
Assuming something like that happened, will a post to NANOG fix it? I
don't know. Certainly has a non-zero chance. But trying to get
Sprint, or any provider, to change because _you_ think what they are
doing is not sane is, well, not sane.
"Never appeal to a man's 'better nature,' he may not have one.
Invoking his self-interest gives you more leverage."
--
TTFN,
patrick
