Wildcards in reverse DNS

Edward Lewis Ed.Lewis at neustar.biz
Fri Jan 5 15:08:13 UTC 2007


At 0:24 +1100 1/6/07, Mark Andrews wrote:

>	NAT is broken by design.  It depends upon there being a unique
>	identifier in the upper layer protocols to demux the incoming
>	data stream.  No such identifier exists for *all* protocols that
>	run on top of IPv4.

I don't really agree with that.  Many protocols were built without 
unique identifiers, such as DNS, assuming they could rely on IP 
addresses and port numbers.  That could be called "efficient design" 
and therefore NAT is a malady, or it could be called "a layer 
violation" that is the reason why NAT makes the protocol stumble.

Yes, it is true that NAT causes problems for protocols.  But I am not 
convinced the problem lies with NAT, the cause is at least shared by 
the protocol designers.

>	Have you run an IPv6 network?

I used to but I don't anymore. ;)  The IPv6 routing mesh is not 
resilient enough to be reliable for me.  When I set up my first 
authoritative DNS servers I ran traceroutes from them to the then 4 
root servers with IPv6 addresses and got through to only 1.  I worked 
on the other 3 until I got to them, for one of the cases, a special 
tunnel had to be built that was against an ISP's policy for routing 
to make it work.  The tunnel didn't last, it was up for a few months 
before they decided it was not worth the trouble to maintain.  And 
this was for me, at an "infrastructural institution" to reach a root 
server.  I.e., stuff that should be main-line.

>	It just works.

I hope it will someday.  Yes, the protocols work.  And there are 
large pockets of IPv6 working.  But it is still immature, at least in 
my economy.  Operationally there are barriers to deployment.  Here's 
a proof by contradiction - if there were no barriers, we wouldn't 
even be having this discussion.

I have no reason to be against IPv6.  I have no reason to be for it 
either.  But I am tired of hearing about how "ready it is" now. 
Don't oversell it, please.  Hype causes a bad reputation.

>	IPv6 is very compatible with IPv4.  Just about everything
>	that works with IPv4 will work with IPv6 provided the
>	implementations have the socket establishment re-written
>	to be protocol independent.  There are a few exceptions and
>	they usually embed IPv4 addresses in the upper layers.

Provided everything is "re-written" to me indicates that there isn't 
compatibility.  It's like saying any American can travel easily 
through China once you learn Chinese.  (I.e., learning Chinese for an 
American is a lot of work, it can be done but it takes a lot of 
dedication.)

Again, I am not saying IPv6 is bad.  Just don't oversell it.  IPv6 
takes work.  Probably the work will pay off - I can't say for sure 
myself.  The fact is that the Internet needs more addresses than IPv4 
can offer and IPv6 can fill the void.  But IPv6 still has routing 
issues.  That's why I can only say "probably" pay off.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Dessert - aka Service Pack 1 for lunch.


