Tirumaleswar Reddy (tireddy) tire...@cisco.com wrote:
Any specific reason for the firewalls to permit TCP/53 other than for zone
transfer?
RFC 5966
Tony.
--
f.anthony.n.finch d...@dotat.at http://dotat.at/
South Utsire, Northeast Forties: Easterly 4 or 5, increasing 6 or 7. Slight or
On Fri, Apr 25, 2014 at 10:46 AM, Ralf Weber d...@fl1ger.de wrote:
Moin!
On 25 Apr 2014, at 16:22, Tirumaleswar Reddy (tireddy) tire...@cisco.com
wrote:
Any specific reason for the firewalls to permit TCP/53 other than for zone
transfer?
Wat? Because it is defined in the RFC. RFC1035 may
On 25 Apr 2014, at 11:14, Phillip Hallam-Baker hal...@gmail.com wrote:
The existing DNS works as far as the people running their firewalls
are concerned. The failure of TCP fallback in practice has been an
understood problem for 20+ years.
Understood, perhaps; measured and understood, not so
-Original Message-
From: Paul Vixie [mailto:p...@redbarn.org]
Sent: Thursday, April 24, 2014 12:11 AM
To: Dan Wing
Cc: dn...@ietf.org; dns-privacy@ietf.org; Prashanth Patil (praspati);
Tirumaleswar Reddy (tireddy)
Subject: Re: [DNSOP] DNS over DTLS (DNSoD)
for reasons well-spoken
On 24 Apr 2014, at 10:53, Phillip Hallam-Baker hal...@gmail.com wrote:
If you want to use TLS with DNS then use port 443. One of the effects
of firewalls is that we now only have three ports for all protocols:
Port 80/UDP: Non SSL traffic
Port 443/TCP: SSL traffic
Port 53/UDP: DNS
I
On Thu, Apr 24, 2014 at 11:19 AM, Joe Abley jab...@hopcount.ca wrote:
On 24 Apr 2014, at 10:53, Phillip Hallam-Baker hal...@gmail.com wrote:
If you want to use TLS with DNS then use port 443. One of the effects
of firewalls is that we now only have three ports for all protocols:
Port
On Thu, 24 Apr 2014 11:32:12 -0400, Phillip Hallam-Baker wrote:
...
For me the idea of putting TLS traffic over the same port as non TLS
traffic without careful attention to how the upgrade is achieved would
be 'butchering the protocol'. Changing the port number to one that is
known to work is a