nanog mailing list archives
RE: you're not interesting, was Re: another brick in the wall[ed garden]
From: "Tomas L. Byrnes" <tomb () byrneit net>
Date: Thu, 14 May 2009 17:24:26 -0700
Disclaimer: I have a dog in this fight, since ThreatSTOP is dependent on DNS/TCP.
-----Original Message-----
From: Mark Andrews [mailto:Mark_Andrews () isc org]
Sent: Thursday, May 14, 2009 4:59 PM
To: John Levine
Cc: nanog () nanog org; rs () seastrom com
Subject: Re: you're not interesting, was Re: another brick in the wall[ed garden]

In message <20090514223605.88104.qmail () simone iecc com>, John Levine writes:

> > Dear Sprint EVDO people, Your man-in-the-middle hijacking of UDP/53 DNS queries against nameservers that I choose to query from my laptop on Sprint EVDO is not appreciated. Even less appreciated is your complete blocking of TCP/53 DNS queries.
>
> If I were an ISP, and I knew that approximately 99.9% of customer queries to random name servers was malware doing fake site phishing or misconfigured PCs that will work OK and avoid a support call if they answer the DNS query, with 0.1% being old weenies like us, I'd do what Sprint's doing, too.
>
> > And what's the next protocol that is going to be stomped on?
>
> If you're aware of a mechanical way for them to tell the difference, we're all ears.

Well you can't answer a TSIG message without knowing the shared secret so you might as well just let it go through and avoid some percentage of support calls. Intercepting TSIG messages is guaranteed to generate a support call. Similarly intercepting "rd=0" is also guaranteed to generate a support call. You almost certainly have an iterative resolver making the query which will not handle the "aa=0" responses. Similarly there is no sane reason to block DNS/TCP other than they can do it.
[TLB:] I can think of an argument they might make: that it is/could be used by bots as a fallback. However, redirecting DNS/UDP fits the model of "providing a better service for the average user"; blocking/redirecting TCP is more likely to break things a savvy user needs. Maybe someone with clue at Sprint can be persuaded that doing their own "OpenDNS" for UDP is probably a good thing for most uses, but doing it for TCP is a bad thing for those users who need TCP.
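The mechanical tell Mark Andrews describes (an rd=0 query that comes back with aa=0 and recursion offered, which an iterative resolver will not accept) can be checked from a laptop. What follows is an added example, not code from this thread, from ThreatSTOP or from ISC: a small Python script that builds a DNS query with RD clear, frames it for UDP or for TCP (TCP prefixes each message with a two-octet length), and classifies the response header. The sample responses inside it are constructed; probe_udp and probe_tcp are live-network helpers whose server argument is whatever nameserver you choose to test, and they are not exercised by the constructed cases.

```python
import socket
import struct

# Added example, not from the thread. Build DNS queries with RD clear and classify
# what comes back: a server answering for a zone it serves sets AA=1 and RA=0; a
# transparent resolver that hijacked the query typically answers AA=0 with RA=1.

QTYPE = {"A": 1, "NS": 2, "SOA": 6, "TXT": 16, "AAAA": 28}


def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero octet."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234, rd=False):
    """RFC 1035 header plus one question; RD (bit 8 of the flags) is set only on request."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def frame_tcp(msg):
    """DNS over TCP prefixes every message with its two-octet length."""
    return struct.pack("!H", len(msg)) + msg


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": (flags >> 15) & 1, "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def classify(query, response):
    """Decide who answered an rd=0 query sent straight at a nameserver."""
    q, r = parse_header(query), parse_header(response)
    if r["id"] != q["id"] or not r["qr"]:
        return "not-a-reply"
    if r["aa"]:
        return "authoritative"   # the server we addressed answered from its own zone
    if r["ra"] or r["rd"] != q["rd"]:
        return "intercepted"     # a recursive resolver answered (RA offered, or RD rewritten)
    return "referral"            # aa=0, ra=0: an ordinary delegation answer


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read on DNS/TCP")
        buf += chunk
    return buf


def probe_udp(server, query, timeout=3.0):
    """Live helper: send the query over UDP/53 to `server` (an address you pick)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recv(4096)


def probe_tcp(server, query, timeout=3.0):
    """Live helper: same query over TCP/53; a timeout or refusal here is the blocking case."""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(query))
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return recv_exact(s, length)


def fake_response(query, flags, ancount=0, nscount=0):
    """Constructed response sharing the query's ID and question section (no RRs appended)."""
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, nscount, 0) + query[12:]


def demo():
    """Classify three constructed answers to one rd=0 SOA query, plus an ID mismatch."""
    q = build_query("example.com", "SOA")
    other = build_query("example.com", "SOA", txid=0x4321)
    return {
        "auth": classify(q, fake_response(q, 0x8400, ancount=1)),      # QR, AA
        "hijacked": classify(q, fake_response(q, 0x8180, ancount=1)),  # QR, RD, RA
        "referral": classify(q, fake_response(q, 0x8000, nscount=2)),  # QR only
        "wrong_id": classify(q, fake_response(other, 0x8400)),
    }
```

For a live check, send the same rd=0 query with probe_udp and probe_tcp to a server you know to be authoritative for the name: "intercepted" over UDP combined with a timeout or connection refusal over TCP is exactly the combination complained about above. A TSIG-signed query needs the shared secret, which this script does not model; an interceptor that rewrites RD, or answers with RA=1 where the addressed server would never offer recursion, is already visible in the header.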
Current thread:
- another brick in the wall[ed garden] Robert E. Seastrom (May 14)
- Re: another brick in the wall[ed garden] Owen DeLong (May 14)
- Re: another brick in the wall[ed garden] Robert E. Seastrom (May 14)
- Re: another brick in the wall[ed garden] Seth Mattinen (May 14)
- you're not interesting, was Re: another brick in the wall[ed garden] John Levine (May 14)
- RE: you're not interesting, was Re: another brick in the wall[ed garden] Dave Larter (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Marshall Eubanks (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Mark Andrews (May 14)
- RE: you're not interesting, was Re: another brick in the wall[ed garden] Tomas L. Byrnes (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Mark Andrews (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Patrick W. Gilmore (May 16)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] George Imburgia (May 17)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Patrick W. Gilmore (May 17)
- RE: you're not interesting, was Re: another brick in the wall[ed garden] Dave Larter (May 14)
- Re: another brick in the wall[ed garden] Owen DeLong (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Andre Gironda (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Mans Nilsson (May 14)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] John R. Levine (May 15)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Mans Nilsson (May 15)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Owen DeLong (May 15)
- Re: you're not interesting, was Re: another brick in the wall[ed garden] Martin Hannigan (May 15)