Wildcards in reverse DNS

Marc Haber mh+bind-users at zugschlus.de
Sat Jan 6 09:29:15 UTC 2007


On Fri, Jan 05, 2007 at 09:42:35PM +0100, Marc Haber wrote:
> On Fri, Jan 05, 2007 at 10:31:23AM -0800, Clenna Lumina wrote:
> > My last company I worked for was running IPSEC (VPN, etc) through their 
> > (properly) NATed firewall without any problems.
> 
> I guess that this was IPSEC tunnel mode. I specifically asked for
> IPSEC AH for a reason.

Additionally, even IPSEC in tunnel mode does not traverse NAT
naturally. There are a number of (mutually incompatible) mechanisms to
add NAT traversal to IPSEC (most of them using one or another kind of
UDP encapsulation), but since these are not well standardized, these
mechanisms are the main cause of the fact that IPSEC is a real pain to
get running if both sides of the connection are not made by the same
vendor.

IPSEC was supposed to be interoperable between vendors just as IPv4
is. NAT has successfully broken this interoperability, and it has done
so while successfully making things look like it's all IPSEC's fault.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



More information about the bind-users mailing list