Wildcards in reverse DNS

Sten Carlsen ccc2716 at vip.cybercity.dk
Sat Jan 6 01:49:58 UTC 2007

Mark Andrews wrote:
> 	This is a classic example of applying an IPv4 solution to an
> 	IPv6 network.
This is very likely, it probably takes some time and effort with the
thing in real life to get a feel for what is possible and what is
"natural" for any new system. This underlines that transition from IPv4
to IPv6 is not just more bits, but rather completely new ways to think.
> 	I really don't see why people insist that they need port /
> 	address translation.
I don't necessarily want that, I want the effects that it gives in an
IPv4 network. Isolation and hiding. If other mechanisms, not known in
IPv4 networks, can provide that, it is fine with me.

For some things I want that they can initiate a connection to the net,
but are hidden so NO connection can be made from the outside to those
devices. How can that be achieved without NAT in an IPv6 system?
>   A stateful firewall is just as good
> 	at providing protection and doesn't have the down sides
> 	introduced as a side effect of the port / address translation.
I will take your word for that, I still feel there might be more risk.
That could be missing time and effort on my side. On the other side that
suggests a lot of misconfigured firewalls in the future until people
learn how to do it. "A hacker's paradise"?
> 	If you don't want there to be any path to the equipment
> 	don't let it use a global prefix.  Use a link local or a
> 	locally assigned local addresses if you have more than one
> 	internal network.
Does that mean that a local DHCP server is needed? Or is a fixed address
the best way?
This is an example of what could be the misunderstandings that create
this kind of debate, it also underlines that the transition is NOT
simple as has been said.
> 	Remember an IPv6 node will often have 3 or more addresses
> 	on each NIC.
That worries me a bit, I guess that will resolve itself as IPv6 becomes
more common in discussions.
> 	Mark

Best regards

Sten Carlsen

No improvements come from shouting:
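
Added example, not part of the original message or of BIND: one way to get the "can initiate outbound, cannot be reached from outside" behaviour discussed above with a stateful IPv6 firewall and no NAT, written as an nftables ruleset for a Linux router. The interface names "lan0" and "wan0" are assumptions, and only forwarded traffic is covered (the router's own input chain is not shown).

```nftables
# Constructed example. "lan0" (inside) and "wan0" (outside) are assumed names.
table ip6 filter {
    chain forward {
        # Default deny: anything not explicitly accepted below is dropped,
        # including every connection attempt that starts on the outside.
        type filter hook forward priority 0; policy drop;

        # Hosts that use only locally assigned (ULA, fc00::/7) addresses
        # never get a path to the outside, in either direction.
        oifname "wan0" ip6 saddr fc00::/7 drop
        iifname "wan0" ip6 daddr fc00::/7 drop

        # Packets that conntrack cannot associate with a valid flow.
        ct state invalid drop

        # Return traffic for flows an inside host opened, plus ICMPv6
        # errors tied to those flows (needed for path MTU discovery).
        ct state established,related accept

        # Inside hosts with global addresses may open new connections.
        iifname "lan0" oifname "wan0" ct state new accept
    }
}
```

The isolation comes from the drop policy together with the connection-state match, which is the part of NAT's behaviour the message asks for; addresses are not rewritten.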

