DNS is essential already.
Firewalls can cope.
From: Joe Touch [mailto:email@example.com]
Sent: Sun Mar 19 21:02:42 2006
To: firstname.lastname@example.org; email@example.com; firstname.lastname@example.org
Subject: Re: Guidance needed on well known ports
Hallam-Baker, Phillip wrote:
>> From: Joe Touch [mailto:touch@ISI.EDU]
>> And with what port would I reach this magical DNS that would
>> provide the SRV record for the DNS itself?
> You use fixed ports for the bootstrap process and only for the bootstrap
Which means that the DNS port needs to be well-known or fixed in advance.
Some other issues to be considered:
- this change would make the DNS required for proper Internet
  operation, whereas it is currently optional (i.e., only for
  finding the IP address).
- hosts may run services but not have control over their own
  DNS entry (or SRV records)
- firewalling based on ports would no longer be useful
  (one could argue it should not be, but that's a different issue)
>>> Fixed ports do not work behind NAT. Anyone who wants to deploy IPv6
>>> would be well advised to pay careful attention to that restriction.
>>> SRV ports work just fine behind a NAT.
>> Except that many NATs also intercept DNS requests and
>> redirect them to their own servers, for their own purposes,
>> which can interfere with SRV records (by design).
> People who do this are rarely trying to break things.
They don't *try* to break things, but they tend to. ;-)
As to 'by design', they're not so much trying to break as to 'help'
(usually for their own purposes).
Ietf mailing list