Wildcards in reverse DNS
Edward Lewis
Ed.Lewis at neustar.biz
Fri Jan 5 15:08:13 UTC 2007
At 0:24 +1100 1/6/07, Mark Andrews wrote:
> NAT is broken by design. It depends upon there being a unique
> identifier in the upper layer protocols to demux the incoming
> data stream. No such identifier exists for *all* protocols that
> run on top of IPv4.
I don't really agree with that. Many protocols were built without
unique identifiers, such as DNS, assuming they could rely on IP
addresses and port numbers. That could be called "efficient design"
and therefore NAT is a malady, or it could be called "a layer
violation" that is the reason why NAT makes the protocol stumble.
Yes, it is true that NAT causes problems for protocols. But I am not
convinced the problem lies with NAT, the cause is at least shared by
the protocol designers.
> Have you run an IPv6 network?
I used to but I don't anymore. ;) The IPv6 routing mesh is not
resilient enough to be reliable for me. When I set up my first
authoritative DNS servers I ran traceroutes from them to the then 4
root servers with IPv6 addresses and got through to only 1. I worked
on the other 3 until I got to them, for one of the cases, a special
tunnel had to be built that was against an ISP's policy for routing
to make it work. The tunnel didn't last, it was up for a few months
before they decided it was not worth the trouble to maintain. And
this was for me, at an "infrastructural institution" to reach a root
server. I.e., stuff that should be main-line.
> It just works.
I hope it will someday. Yes, the protocols work. And there are
large pockets of IPv6 working. But it is still immature, at least in
my economy. Operationally there are barriers to deployment. Here's
a proof by contradiction - if there were no barriers, we wouldn't
even be having this discussion.
I have no reason to be against IPv6. I have no reason to be for it
either. But I am tired of hearing about how "ready it is" now.
Don't oversell it, please. Hype causes a bad reputation.
> IPv6 is very compatible with IPv4. Just about everything
> that works with IPv4 will work with IPv6 provided the
> implementations have the socket establishment re-written
> to be protocol independent. There are a few exceptions and
> they usually embed IPv4 addresses in the upper layers.
Provided everything is "re-written" to me indicates that there isn't
compatibility. It's like saying any American can travel easily
through China once you learn Chinese. (I.e., learning Chinese for an
American is a lot of work, it can be done but it takes a lot of
dedication.)
Again, I am not saying IPv6 is bad. Just don't oversell it. IPv6
takes work. Probably the work will pay off - I can't say for sure
myself. The fact is that the Internet needs more addresses than IPv4
can offer and IPv6 can fill the void. But IPv6 still has routing
issues. That's why I can only say "probably" pay off.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
Dessert - aka Service Pack 1 for lunch.