Wildcards in reverse DNS
Mark Andrews
Mark_Andrews at isc.org
Sat Jan 6 01:26:24 UTC 2007
> Hi
>
> There are some benefits from using NAT that have not been discussed yet.
> This comment may seem political, but the technology must also enable
> solutions to solve those issues.
>
> It has been discussed that there is no need to have any private
> namespace with IPv6. Technically that is correct, privacy-wise I do not
> necessarily agree. It has also been said that e.g. my next refrigerator
> will have internet access and will order new groceries when supply is
> low or stuff is getting too old. I don't know about everyone else but in
> my house there will be one and only one person with access to my
> refrigerator, that person is me; not any store, not any hacker, not any
> government health department, not anyone else.
> For that reason I will get what amounts to a NAT/firewall with an
> effective block against access between my refrigerator and the internet.
> A NAT is a very handy thing in that respect, combined with a firewall
> that is effective today and probably a long time still.
>
> Now I use a refrigerator as an example, I am sure you can bring up some
> example from your future life that you want exclusive access to.
>
> All discussions I have heard so far about the virtues of IPv6 forget the
> privacy issue, if there is no path, hacking becomes much harder.
>
> I agree that we need a bigger address space; but the idea that
> everything must be reachable from the public internet is plain wrong,
> there will be many things that will be better off when not reachable.
>
> Sorry if this is out of line.

This is a classic example of applying an IPv4 solution to an
IPv6 network.

I really don't see why people insist that they need port /
address translation. A stateful firewall is just as good
at providing protection and doesn't have the downsides
introduced as a side effect of the port / address translation.

If you don't want there to be any path to the equipment
don't let it use a global prefix. Use link local or
locally assigned local addresses if you have more than one
internal network.

Remember an IPv6 node will often have 3 or more addresses
on each NIC.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
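
Added example, not part of the original post: a small audit that classifies every IPv6 address on each interface and reports which interfaces hold a global-prefix address, to check the "no global prefix" approach described in the reply. The sample `ip -6 -o addr show` lines are constructed (2001:db8::/32 stands in for a global prefix), and treating "locally assigned local addresses" as fc00::/7 unique local addresses is an assumption.

```python
import ipaddress
from collections import defaultdict

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # assumption: the "local addresses" in the reply
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

# Constructed sample in the one-line format of `ip -6 -o addr show`.
SAMPLE = """\
1: lo    inet6 ::1/128 scope host \\ valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:1:2:a00:27ff:fe4e:66a1/64 scope global dynamic \\ valid_lft 86000sec
2: eth0    inet6 fd12:3456:789a:1:a00:27ff:fe4e:66a1/64 scope global \\ valid_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \\ valid_lft forever
3: iot0    inet6 fd12:3456:789a:2::20/64 scope global \\ valid_lft forever
3: iot0    inet6 fe80::20/64 scope link \\ valid_lft forever
"""

def classify(addr):
    """Return the reachability class of one IPv6 address string."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"

def audit(text):
    """Map interface name -> list of (address, class) parsed from the listing."""
    report = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet6":
            continue
        addr = fields[3].split("/")[0]          # drop the prefix length
        report[fields[1]].append((addr, classify(addr)))
    return dict(report)

def globally_addressed(report):
    """Interfaces that hold at least one address from a global prefix."""
    return sorted(name for name, addrs in report.items()
                  if any(kind == "global" for _, kind in addrs))

if __name__ == "__main__":
    result = audit(SAMPLE)
    for name, addrs in result.items():
        print(name, addrs)
    print("interfaces with a global prefix:", globally_addressed(result))
```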