Re: draft-ietf-dnsext-forgery-resilience-01.txt
> On Mon, 12 Nov 2007, Shane Kerr wrote:
> >
> > The only time you have an actual clash is when you have a duplicate
> > ID+source IP+source port+destination IP+destination port for a UDP
> > query, because then the resolver has no way to disambiguate the replies
> > it gets.
>
> This situation is common for stub resolvers, and for caching resolvers
> that are doing a lot of lookups against the same zone. Any high-volume
> DNS client *will* encounter problems with naive random query IDs.
It also doesn't help when the OS re-assigns the same port number
over and over and over until there happens to be a collision
which just causes it to move on to the next port and repeat the
process.
> Tony.
> --
> f.a.n.finch <dot@dotat.at> http://dotat.at/
> WEST FORTIES CROMARTY FORTH TYNE WEST DOGGER: WESTERLY VEERING NORTHERLY 4 OR
> 5, INCREASING 5 TO 7, PERHAPS GALE 8 LATER IN TYNE AND WEST DOGGER. MODERATE
> OR ROUGH. RAIN OR SHOWERS. MODERATE OR GOOD.
>
> --
> to unsubscribe send a message to namedroppers-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://ops.ietf.org/lists/namedroppers/>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
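
The clash condition discussed in this thread, as an added example that is not part of the original messages or of any resolver's code: it computes how likely naive random 16-bit IDs are to repeat among queries sharing one source IP + source port + destination IP + destination port, and shows an in-flight table that re-draws the ID when the full key is already pending. The names `clash_probability` and `OutstandingQueries` are hypothetical.

```python
import secrets

ID_SPACE = 1 << 16  # the DNS query ID is a 16-bit field


def clash_probability(outstanding, id_space=ID_SPACE):
    """Chance that naive random IDs repeat among queries sharing one
    source IP + source port + destination IP + destination port."""
    p_unique = 1.0
    for i in range(outstanding):
        p_unique *= (id_space - i) / id_space
    return 1.0 - p_unique


class OutstandingQueries:
    """Hypothetical in-flight table keyed on everything a reply is matched on."""

    def __init__(self, rand_id=lambda: secrets.randbelow(ID_SPACE)):
        self._pending = {}   # path 4-tuple -> {query ID: question}
        self._rand_id = rand_id
        self.redraws = 0     # how often a naive ID would have clashed

    def send(self, src_ip, src_port, dst_ip, dst_port, question):
        ids = self._pending.setdefault((src_ip, src_port, dst_ip, dst_port), {})
        if len(ids) >= ID_SPACE:
            raise RuntimeError("no free query ID on this path")
        qid = self._rand_id()
        while qid in ids:    # same ID + same path: replies would be ambiguous
            self.redraws += 1
            qid = self._rand_id()
        ids[qid] = question
        return qid

    def receive(self, qid, src_ip, src_port, dst_ip, dst_port):
        """Match a reply (addresses given in the query's orientation)."""
        return self._pending.get((src_ip, src_port, dst_ip, dst_port), {}).pop(qid, None)


if __name__ == "__main__":
    for n in (10, 100, 400, 1000):
        print(n, "outstanding on one path:", round(clash_probability(n), 4))
```

When the source port stays fixed, every query to one server shares a path, so the ID is the only field left to tell replies apart; queries sent from different source ports can reuse an ID without ambiguity.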