Wildcards in reverse DNS

Mark Andrews Mark_Andrews at isc.org
Sat Jan 6 01:26:24 UTC 2007

> Hi
> There are some benefits from using NAT that have not been discussed yet.
> This comment may seem political, but the technology must also enable
> solutions to solve those issues.
> It has been discussed that there is no need to have any private
> namespace with IPv6. Technically that is correct, privacy-wise I do not
> necessarily agree. It has also been said that e.g. my next refrigerator
> will have internet access and will order new groceries when supply is
> low or stuff is getting too old. I don't know about everyone else but in
> my house there will be one and only one person with access to my
> refrigerator, that person is me; not any store, not any hacker, not any
> government health department, not anyone else.
> For that reason I will get what amounts to a NAT/firewall with an
> effective block against access between my refrigerator and the internet.
> A NAT is a very handy thing in that respect, combined with a firewall
> that is effective today and probably a long time still.
> Now I use a refrigerator as an example, I am sure you can bring up some
> example from your future life that you want exclusive access to.
> All discussions I have heard so far about the virtues of IPv6 forget the
> privacy issue, if there is no path, hacking becomes much harder.
> I agree that we need a bigger address space; but the idea that
> everything must be reachable from the public internet is plain wrong,
> there will be many things that will be better off when not reachable.
> Sorry if this is out of line.

	This is a classic example of applying a IPv4 solution to a
	IPv6 network.

	I really don't see why people insist that they need port /
	address translation.  A statefull firewall is just as good
	at providing protection and doesn't have the down sides
	introduced as a side effect of the port / address translation.

	If you don't want there to be any path to the equipment
	don't let it use a global prefix.  Use a link local or a
	locally assigned local addresses if you have more than one
	internal network.

	Remember a IPv6 node will often have 3 or more addresses
	on each NIC.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list