ECN and now Path MTU discovery

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



http://www.sendmail.org/tips/pathmtu.html

As we are talking about ECN and the funny handling of the IP suite by some
admins and vendors, here another one for your reference. I had this problem
4 years ago, when my default MTU was 576 on my slow unreliable link... Found
out that about 5%(pifomatics) hosts out there were broken. For instance you
can solve it by enabling on MS servers "Black Hole router discovery".

RFC1812 is good, but say a little bit too complicated for the standard
administrator. There should be a document explaining how firewall should
behave for the most common protocols.

I used to block port TCP:53(domain) because I thought it was only required
for domain transfer (master to slave). But I have learnt recently that DNS
may fall back to TCP when the data is too big for UDP. How many DNS out
there are blocking TCP:53. My guess a lot!

An RFC for firewall behavior would be nice, isn't it? Protocol by
protocol...

Franck Martin
Network and Database Development Officer
SOPAC South Pacific Applied Geoscience Commission
Fiji
E-mail: franck@sopac.org <mailto:franck@sopac.org> 
Web site: http://www.sopac.org/
<http://www.sopac.org/> Support FMaps: http://fmaps.sourceforge.net/
<http://fmaps.sourceforge.net/> 
Certificate: https://www.sopac.org/ssl/ 

This e-mail is intended for its addresses only. Do not forward this e-mail
without approval. The views expressed in this e-mail may not be necessarily
the views of SOPAC.



-----Original Message-----
From: Einar Stefferud [mailto:stef@nma.com]
Sent: Wednesday, 26 June 2002 12:59 
To: Lloyd Wood
Cc: Keith Moore; Mike Burns; ietf
Subject: Re: Global PKI on DNS?


That is not trust that you see withering away.

It is called value;-)...\Stef

At 11:05 PM +0100 6/25/02, Lloyd Wood wrote:
>On Tue, 25 Jun 2002, Keith Moore wrote:
>
>  > I don't think the dollar analogy is very useful.  The kind of trust
>  > we place in money is a very specific kind of trust, and the risk
>  > we take in trusting money is generally limited to the denomination
>  > of the note or coin.
>
>Inflation shows how much nobody trusts money. It's a trust that
>withers away over time.
>
>L.
>
><http://www.ee.surrey.ac.uk/Personal/L.Wood/><L.Wood@surrey.ac.uk>


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]