Re: ISPs blocking port 53? (was Re: Annoying dynamic DNS updates)

[Paul Vixie <paul () vix com>]

> How should an ISP tell the difference between "good" DNS packets and "bad"
> DNS packets?

the bad ones are the ones people complain about.

> You aren't complaining about your dynamic update packets or even all
> dynamic updates. You are complaining about someone sending you packets
> you don't want. And more precisely, you are complaining that Comcast is
> failing to send you other packets you want to receive, i.e. a response to
> your e-mail packets.

yup.  where "packets i do not want" could as easily be ddos ("zwil") or spam.

> I've been thinking how to use ICMP to signal different types of
> responses; and even how "smart" edges on both ends of a communication
> could establish and enforce policies.  Most of these are non-malicious
> communications involving misconfigured systems.  Edge communications
> avoids problems with the host system, but has problems with multi-path
> communications and source validation.

the whole end-to-end argument depends on uniform clue distribution for scale.