NNPS / TCP port 433
Grant Taylor
gtaylor at tnetconsulting.net
Sun Dec 12 18:03:07 UTC 2021
On 12/12/21 10:50 AM, Russ Allbery wrote:
> I think email clients mostly use manual configuration, even. I've
> yet to work somewhere where the email servers were autodiscovered.
I've pondered supporting auto-configuration for my email server. But
then again, I've always considered it as somewhat of a bullseye on the
side of the barn in the form of "the service you're wanting to attack is
over there". But as I type this, the barn door is open when services
are on their default port.
I do see some value in SRV records for things like SSH and moving it to
an alternate port. But I don't think I'd want those SRV records to be
globally available. :-/
> The most natural way to use SRV records, particularly across protocols,
> is to ask DNS for the values of all the SRV records in question and
> then sort and apply logic to them within the client.
Ya. I think that's my primary concern with multi-protocol SRV records.
You must make multiple DNS queries, one for each protocol.
Aside: My SVCB example could have been compacted to a single query with
target information provided in additional info.
> That's what Kerberos does, for example. It unfortunately means
> handling the DNS lookups directly in the client and not outsourcing
> them to a program like netcat or telnet that isn't aware of what
> protocol you're using.
Yep. The lack of retrofitting is one of the holdups for me.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20211212/7c1fcdcd/attachment.bin>
More information about the inn-workers
mailing list