NNPS / TCP port 433

Grant Taylor gtaylor at tnetconsulting.net
Sun Dec 12 18:03:07 UTC 2021


On 12/12/21 10:50 AM, Russ Allbery wrote:
> I think email clients mostly use manual configuration, even.  I've 
> yet to work somewhere where the email servers were autodiscovered. 

I've pondered supporting auto-configuration for my email server.  But 
then again, I've always considered it as somewhat of a bullseye on the 
side of the barn in the form of "the service you're wanting to attack is 
over there".  But as I type this, the barn door is open when services 
are on their default port.

I do see some value in SRV records for things like SSH and moving it to 
an alternate port.  But I don't think I'd want those SRV records to be 
globally available.  :-/

> The most natural way to use SRV records, particularly across protocols, 
> is to ask DNS for the values of all the SRV records in question and 
> then sort and apply logic to them within the client.

Ya.  I think that's my primary concern with multi-protocol SRV records. 
You must make multiple DNS queries, one for each protocol.

Aside:  My SVCB example could have been compacted to a single query with 
target information provided in additional info.

> That's what Kerberos does, for example.  It unfortunately means 
> handling the DNS lookups directly in the client and not outsourcing 
> them to a program like netcat or telnet that isn't aware of what 
> protocol you're using.

Yep.  The lack of retrofitting is one of the holdups for me.



-- 
Grant. . . .
unix || die
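
The multi-protocol SRV handling discussed in this message, as an added example that is not part of the original post: one DNS answer set per service, merged and ordered inside the client using the RFC 2782 priority and weight rules. The owner names, hosts and records are constructed sample data, and `order_rrset` and `candidates` are hypothetical helper names.

```python
import random

# Constructed sample answers, keyed by the SRV owner name the client queried.
# Each tuple is (priority, weight, port, target) as in RFC 2782.
SAMPLE_ANSWERS = {
    "_nntps._tcp.example.net": [(10, 60, 563, "news1.example.net."),
                                (10, 40, 563, "news2.example.net."),
                                (20, 0, 563, "backup.example.net.")],
    "_nntp._tcp.example.net": [(0, 0, 119, "legacy.example.net.")],
    "_nnsp._tcp.example.net": [(0, 0, 0, ".")],  # "." target: service not offered
}

def order_rrset(records, rng):
    """RFC 2782 order: lowest priority first, weighted random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        group.sort(key=lambda r: r[1] != 0)  # weight-0 records first, per the RFC
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r[1]
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

def candidates(answers, preference, rng=None):
    """Merge several services' SRV answers into one connection-attempt list.

    preference lists owner names, most preferred first. That ranking is client
    policy (for example TLS before plaintext); SRV priority only orders the
    targets within a single service.
    """
    rng = rng or random.Random()
    out = []
    for owner in preference:
        records = answers.get(owner, [])
        if len(records) == 1 and records[0][3] == ".":
            continue  # explicitly not available at this domain
        for _prio, _weight, port, target in order_rrset(records, rng):
            out.append((owner, target.rstrip("."), port))
    return out
```

Each owner name in `preference` costs its own DNS query, which is the overhead the message points out for multi-protocol SRV records.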
