| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Jan 2014 17:38:27 +0400 From: Alexey Kuznetsov <kuznet@....inr.ac.ru> To: François-Xavier Le Bail <fx.lebail@...oo.com> Cc: netdev@...r.kernel.org, Hannes Frederic Sowa <hannes@...essinduktion.org>, "David S. Miller" <davem@...emloft.net>, James Morris <jmorris@...ei.org>, Hideaki Yoshifuji <yoshfuji@...ux-ipv6.org>, Patrick McHardy <kaber@...sh.net> Subject: Re: [PATCH net-next] IPv6: enable TCP to use an anycast address Hello! On Sat, Jan 11, 2014 at 5:06 PM, François-Xavier Le Bail <fx.lebail@...oo.com> wrote: > Many DNS root-servers use TCP with anycast (IPv4 and IPV6). > > see : http://tools.ietf.org/html/draft-jabley-dnsop-anycast-mapping-04#section-4 > > " L-Root service is provided using a single IPv4 address (199.7.83.42) > and a single IPv6 address (2001:500:3::42). It should be noted that > it is preferable to refer to the service using its DNS name (L.ROOT- > SERVERS.NET) rather than literal addresses, since addresses can > change from time to time." Is this all? It looks like this implies routing by deep packet inspection, fetching some creepy node identification options from inside DNS payload (not written directly, but implied). This smells funky. Actually, I was alerted by reset processing in your patch, it cannot be right. Do not you think this must not be enabled for common use? At least some separate sysctl disabled by default. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists