- From: Patrik Fältström <paf@cisco.com>
- Date: Wed, 22 Aug 2001 10:04:23 +0200
- To: Keith Moore <moore@cs.utk.edu>, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
- cc: jpalme@dsv.su.se, discuss@apps.ietf.org
--On 01-08-14 12.40 -0400 Keith Moore <moore@cs.utk.edu> wrote: > If we used SRV records to pick ports then the firewalls would just > intercept DNS queries to know which ports to intercept, and this > would just create a bigger mess. Especially given that NATs do > something like this already. Let me ask you if you think a variant of this is ok: (1) Let's say we have a DNS server which when it gets a DNS query _requests_ an ip address and port number combination, just like you can request an IP address from a DHCP server. After getting the data back, that ip-address/port number is given back in DNS. (2) Let's say the application on the inside of the firewall is requesting an IP-address / port number from a firewall, and when the data is returned, dynamic update in DNS is used to update the SRV which is given back to the requesting client. Is (1) and/or (2) ok? I.e. I feel the real question is how one in a legitimate way can request a (virtual) portnumber and ip address can be requested from for example a firewall, NAT box or whatever. paf
Received on Wednesday, 22 August 2001 04:38:01 UTC