Wildcards in reverse DNS

Marc Haber mh+bind-users at zugschlus.de
Fri Jan 5 09:20:45 UTC 2007

On Thu, Jan 04, 2007 at 02:24:11PM -0800, Clenna Lumina wrote:
> Mark Andrews wrote:
> > For those of you who think NATs are great try connecting
> > to a port forwarded service from behind a NAT.  I've yet
> > to see a NAT box do this right.  The NAT box should be
> > able to loop the traffic around.  Instead we are forced
> > to kludge solutions to this in the DNS.
> No, a *properly* behaving NAT should always allow looping back. If you 
> are running a NAT that doesn't allow this, then it is broken. You cannot 
> put down NAT just because of broken implementations.

Just show me how to do IPSEC AH via NAT. Or how to connect to a
service that does RFC1413 ident lookups and actually does something
with the returned value.

Even trying to have a mail server HELO with the right host name,
regardless of whether the machine connected to is on the internal or
an external network, is a challenge if NAT is in the game.

> > IPv6 is a significant step forward. It has enough address
> > space that every home can have its own network with global
> > address for each device in the home if they want.
> Yes, but in order to use it you have to turn your network world as you 
> see it upside down, and for many it doesn't seem worth all that. I think 
> many are just waiting for a much better solution.

IPv6 _IS_ this much better solution.

> > There are lots of things you can do when you have a
> > globally routable IP address that you can't do from
> > behind a NAT.
> Name one. With properly configured NAT, I've not had one single problem 
> routing things between various servers, no matter what they run.

Then you have not tried a lot of things.

> > Bring on IPv6.
> Bring on something better, and more compatible with IPv4, please. 

You're trying to be washed without getting wet. IPv4's fundamental
problem is too small address space. IPv6 is simply just IP with longer
addresses. And it is very compatible.

This whole thread sounds like you're desperately trying to find a
problem for _your_ solution because you're afraid to learn something


