> Date: Tue, 7 Aug 2007 23:32:21 -0600
> From: "Jason J. W. Williams" <[EMAIL PROTECTED]>
>
> > The answer is simple- because they are supposed to be allowed. By
> > disallowing them you are breaking the agreed upon rules for the
> > protocol. Before long it becomes impossible to implement new features
> > because you can't be sure if someone else hasn't broken something
> > intentionally.
>
> I don't really have a dog in this fight about TCP 53. It does seem to me
> that it's a bit black and white to treat the RFCs as religious texts.
> It's important to follow them wherever possible, but frankly they don't
> foresee the bulk of the future security issues that usually materialize.
> So if a feature of the RFC isn't working for you security-wise, I
> believe it's your call to break with it there. As someone else said,
> don't complain when it breaks other things as well however.

It is worth noting that we are not talking about just RFCs here, but STD
or "Internet Standards". RFCs are a variety of things, but when they
become Internet Standards, they are supposed to be mandatory.

That said, the STD makes opening TCP/53 non-mandatory as it is labeled as
a "SHOULD", not a "MUST". Those blocking tcp/53 may be stupid to do so, but
they are only violating a strong recommendation and not a requirement.

As is often pointed out, blocking port 53 will eventually almost
certainly break something and I have yet to see a good argument for
blocking TCP/53.

> > If you don't like the rules- then change the damned protocol. Stop
> > just doing whatever you want and then complaining when other people
> > disagree with you.
>
> I think it's possible to disagree without calling other folks stupid...

While the folks blocking or suggesting blocking TCP/53 may not be stupid,
the act of blocking it is. (Intelligent people do stupid things.)

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751