http://www.sendmail.org/tips/pathmtu.html As we are talking about ECN and the funny handling of the IP suite by some admins and vendors, here another one for your reference. I had this problem 4 years ago, when my default MTU was 576 on my slow unreliable link... Found out that about 5%(pifomatics) hosts out there were broken. For instance you can solve it by enabling on MS servers "Black Hole router discovery". RFC1812 is good, but say a little bit too complicated for the standard administrator. There should be a document explaining how firewall should behave for the most common protocols. I used to block port TCP:53(domain) because I thought it was only required for domain transfer (master to slave). But I have learnt recently that DNS may fall back to TCP when the data is too big for UDP. How many DNS out there are blocking TCP:53. My guess a lot! An RFC for firewall behavior would be nice, isn't it? Protocol by protocol... Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: franck@sopac.org <mailto:franck@sopac.org> Web site: http://www.sopac.org/ <http://www.sopac.org/> Support FMaps: http://fmaps.sourceforge.net/ <http://fmaps.sourceforge.net/> Certificate: https://www.sopac.org/ssl/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -----Original Message----- From: Einar Stefferud [mailto:stef@nma.com] Sent: Wednesday, 26 June 2002 12:59 To: Lloyd Wood Cc: Keith Moore; Mike Burns; ietf Subject: Re: Global PKI on DNS? That is not trust that you see withering away. It is called value;-)...\Stef At 11:05 PM +0100 6/25/02, Lloyd Wood wrote: >On Tue, 25 Jun 2002, Keith Moore wrote: > > > I don't think the dollar analogy is very useful. The kind of trust > > we place in money is a very specific kind of trust, and the risk > > we take in trusting money is generally limited to the denomination > > of the note or coin. > >Inflation shows how much nobody trusts money. It's a trust that >withers away over time. > >L. > ><http://www.ee.surrey.ac.uk/Personal/L.Wood/><L.Wood@surrey.ac.uk>