IXFR, NOTIFY, and NAT
Eric S. Johansson
esj at harvee.billerica.ma.us
Fri Sep 27 13:25:10 UTC 2002
David Botham wrote:
>
>>Why qualify this? Not using NAT is always the Right Thing To Do.
> Jim, are you saying that NAT is not a good idea when used in conjunction
> with DNS, or NAT is bad in general?
Jim is IMO just taking a classical geek stand on the subject. The
argument against address translation is that it's "violating" the
integrity of the packet and rewriting headers and occasionally the contents.

My, just as arrogant, opinion is that if a protocol cannot survive
traversing an address translation boundary without rewriting of the
contents, then the protocol itself is broken, not the address
translation technique.

Address translation is going to be with us for quite a while because it
is a useful security feature of firewalls (but not a sufficient security
feature by itself), conserves IPv4 address space, and, most importantly,
helps us cope with nonnegotiable, shortsighted policies by bandwidth
providers.
---eric