In message <[email protected]>, Fernando Gont writes: > Hi, Mark, > > Thanks so much for your input Comments in-line... > > On 10/11/2015 09:25 PM, Mark Andrews wrote: > > > > Lots of the content is pertanent today. Look at the treatement of > > DNS packets in todays firewalls. > > > > It took years to get EDNS packets larger then 512 bytes through > > most firewalls by default. Some still block packets bigger than > > 512 bytes. > [....] > > Question: Has all of this been summarized somewhere?
Parts of it show up in EDNS compliance failures graphs at <https://ednscomp.isc.org/compliance/summary.html>. There are server level reports the last compliance run at <https://ednscomp.isc.org/> as well as a online tester. draft-andrews-dns-no-response-issue also talks about parts of it. > If not, it would seem that it would be desirable to explicitly include > all this evil behavior in e.g. the forthcoming "advice" document. > > Thoughts? Perhaps. Pointing out badness is the first step to getting it fixed. > Thanks! > > Best regards, > -- > Fernando Gont > SI6 Networks > e-mail: [email protected] > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 > > > > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
