Wildcards in reverse DNS
Mark_Andrews at isc.org
Fri Jan 5 21:47:08 UTC 2007
> At 0:24 +1100 1/6/07, Mark Andrews wrote:
> > NAT is broken by design. It depends upon there being a unique
> > indentifier in the upper layer protocols to demux the incoming
> > data stream. No such identifier exist for *all* protocols that
> > run on top of IPv4.
> I don't really agree with that. Many protocols were built without
> unique identifiers, such as DNS, assuming they could rely on IP
> addresses and port numbers. That could be called "efficient design"
> and therefore NAT is a malady, or it could be called "a layer
> violation" that is the reason why NAT makes the protocol stumble.
> Yes, it is true that NAT causes problems for protocols. But I am not
> convinced the problem lies with NAT, the cause is at least shared by
> the protocol designers.
How could it be the fault of the protocol designer when the
properties of the network have changed underneath the
protocol designer. Most of the protocols were written when
IP addresses in IP header didn't change between source and
destination. The packets had enough unique information to
get the responses back to the originator.
I was really thinking about protocols other than UDP and TCP.
There are some of them which a node to node not application to
application so they don't even have a concept like 'port' that
UDP and TCP have.
> > Have you run a IPv6 network?
> I used to but I don't anymore. ;) The IPv6 routing mesh is not
> resilient enough to be reliable for me. When I set up my first
> authoritative DNS servers I ran traceroutes from them to the then 4
> root servers with IPv6 addresses and go through to only 1. I worked
> on the other 3 until I got to them, for one of the cases, a special
> tunnel had to be built that was against an ISP's policy for routing
> to make it work. The tunnel didn't last, it was up for a few months
> before they decided it was not worth the trouble to maintain. And
> this was for me, at an "infrastructural institution" to reach a root
> server. I.e., stuff that should be main-line.
I rarely have problem today with IPv6 connectivity despite
my tunnel going into a first generation IPv6 router that
was a cast off at the remote end. No. it doesn't go directly
to ISC. It's 10 IPv6 hops vs 14 IPv4 hops between the
machines I usually work on. The tunnel from my home network
to the other end if 10 IPv4 hops.
> > It just works.
> I hope it will someday. Yes, the protocols work. And there are
> large pockets of IPv6 working. But it is still immature, at least in
> my economy. Operationally there are barriers to deployment. Here's
> a proof by contradiction - if there were no barriers, we wouldn't
> even be having this discussion.
No. It's just new for most people so they havn't experienced it.
> I have no reason to be against IPv6. I have no reason to be for it
> either. But I am tired of hearing about how "ready it is" now.
> Don't oversell it, please. Hype causes a bad reputation.
> > IPv6 is very compatible with IPv4. Just about everything
> > that works with IPv4 will work with IPv6 provided the
> > implementations have the socket establishment re-written
> > to be protocol independent. There are a few exception and
> > they usually embed IPv4 addresses in the upper layers.
> Provided everything is "re-written" to me indicates that there isn't
> compatibility. It's like saying any American can travel easily
> through China once you learn Chinese. (I.e., learning Chinese for an
> American is a lot of work, it can be done but it takes a lot of
No. It mean that if you have legacy code it needs a minor
re-write. Something that most programers could do in a
> Again, I am not saying IPv6 is bad. Just don't over sell it. IPv6
> takes work. Probably the work will payoff - I can't say for sure
> myself. The fact is that the Internet needs more addresses than IPv4
> can offer and IPv6 can fill the void. But IPv6 still has routing
> issues. That's why I can only say "probably" pay off.
Both IPv4 and IPv6 have routing issues. They are roughly
the same. However IPv6 was designed to ease the problems
of renumbering which should, in theory, relieve some of the
One of the biggest problem is that people try to apply IPv4
solutions to IPv6 rather than take advantage of what IPv6
offers. IPv6 addresses lots of problems identified with
IPv4, not just the number of addresses.
NAT is a IPv4 solution to a IPv4 problem. IPv6 eliminates
the need to do NAT.
> Edward Lewis +1-571-434-5468
> Dessert - aka Service Pack 1 for lunch.
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users