Port Randomization for NAT devices
Steven Stromer
filter at stevenstromer.com
Mon Aug 11 20:58:24 UTC 2008
I know that I risk being accused of posting off-topic, but the
masters of the DNS universe all seem to hang at this watering hole,
so here goes. Obviously, many, if not most, DNS servers are either
located publicly, or in some form of DMZ. However, there are likely a
great number behind NAT devices (Disclosure: I have one that *should*
presently be serving internal queries at one of my SMB-sized
customers). Looking around for statements from Netgear and Linksys, I
could not find a single comment put forth by either regarding their
position on addressing the rewriting of ports on outbound DNS
queries. Would it not be nearly as important to push these vendors to
address this issue in their firmware in a public and timely manner
(as in, 'last month'), as it has been to upgrade DNS servers? Would
these vendors not respond more quickly to pressure from high-profile
industry persons than from home users posting to unread support
forums? Is this already happening behind the scenes? Who is best
qualified to lead such an initiative?
Sincerely,
Steven Stromer
More information about the bind-users mailing list