Wildcards in reverse DNS

Clenna Lumina savagebeaste at yahoo.com
Thu Jan 4 22:24:11 UTC 2007


Mark Andrews wrote:
> For those of you who think NATs are great try connecting
> to a port forwarded service from behind a NAT.  I've yet
> to see a NAT box do this right.  The NAT box should be
> able to loop the traffic around.  Instead we are forced
> to kludge solutions to this in the DNS.

No, a *properly* behaving NAT should always allow looping back. If you 
are running a NAT that doesn't allow this, then it is broken. You cannot 
put down NAT just because of broken implementations.

> Look back through the archive of this list and you will
> see some of the problems NATs cause.

Again, bad NAT or improperly configured NAT software/hardware is the 
problem, not NATs in and of themselves; it's a fundamental difference.

> IPv6 is a significant step forward. It has enough address
> space that every home can have its own network with a global
> address for each device in the home if they want.

Yes, but in order to use it you have to turn your network world as you 
see it upside down, and for many it doesn't seem worth all that. I think 
many are just waiting for a much better solution.

> There are lots of things you can do when you have a
> globally routable IP address that you can't do from
> behind a NAT.

Name one. With properly configured NAT, I've not had one single problem 
routing things between various servers, no matter what they run. A 
proper NAT will allow you to set up routes to services and also allow 
the preservation of ports (otherwise certain services do indeed break if 
they aren't routed back to an expected port and instead to a 
random-un-priv, etc. etc.)

It all depends on the implementation, and if it's behaving correctly.

NAT32e is a good example of how a properly configured NAT should behave.

> Bring on IPv6.

Bring on something better, and more compatible with IPv4, please. 



