Wildcards in reverse DNS

Karl Auer kauer at biplane.com.au
Thu Jan 4 23:05:34 UTC 2007


I wrote:
> > People can win a lot from IPv6 without having IPv6 connectivity to the
> > Internet. Autoaddressing, IPSEC, no broadcasts, VAST private address
> > space, etc.
> 
Then Clenna Lumina wrote:
> But what's the point of using it on a Private LAN? It just adds 
> confusion and lack of clarity. Not to mention for private subnets, it'll 
> just be overkill. What's wrong with using 10.0.0.0 or 192.168.0.0 or any 
> other private subnet?

Private LANs are not the whole world. The private space offered by IPv4
is already too small for many medium to large networks. The problem is
partly the overall size of the address space, the other problem is the
waste due to subnetting. Together they make things very cramped.

There's nothing "wrong" with using IPv4 - it's just that pretty soon you
won't be *able* to, because there will be no more address space.

> Wouldn't it be better to have a better solution that could be somewhat 
> compatible with IPv4 so we don't have to get used to something so 
> radically different?

If you just mean the appearance - well, I think that's pretty
irrelevant. Most systems are administered by software, not the human
eye. I don't find IPv6 addresses particularly onerous.

> I disagree. If you think NAT is bad then you don't know how to properly 
> use one. For home and business LANs, you can have one IP and share it 
> among the whole LAN? How is this a BAD thing? It's a money saver. I 
> suppose that's a BAD thing too.

Careful who you talk down to, there. I certainly do know how to
configure NAT.

NAT stops you offering a service from behind it (or makes it
cumbersome). NAT behind a dynamic address stops you doing things like
SPF. NAT slows down every packet, especially in the typical cheap, slow
hardware used in home Internet connections. NAT resists new protocols,
especially if the protocol carries a source address in the payload. NAT
resists multi-connection and back-channel protocols. NAT blocks
troubleshooting from outside the NATted network (loss of end-to-end
transparency). NAT, by blocking connections from outside, is seen as a
security measure, when in fact it is no more than an obfuscation, so NAT
gives a false sense of security.

Because there are so few available IPv4 addresses, many connections are
multiply NATted, making some things completely impossible, in particular
the provision of services from within the NATted network.

As to it being a money saver, yes, it's a temporary solution that is
better than not having a consumer Internet at all. With IPv6, however,
you can have many, many addresses at home, with as many or as few as you
wish exposed to the Internet. These addresses come at a very low
marginal cost - WAY lower than even the one, single, RFC1918 address you
probably get from your ISP.

> > Even quite small organisations are running out of *private* address
> Then they have the wrong class (or length) subnet. I dare you find a 
> small organization using a private 10.0.0.0 subnet and is running out of 
> them.

I said "quite small", not "small". Maybe your idea of "small" is too
small :-) A /8 is only 16 million addresses. The population of
Australia, where I live, is 20 million. Australia is a small part of the
Internet. You do the maths - then think about giants like AOL, which
itself shrinks to insignificance beside (say) China in twenty years...

32 bit addressing is very, very cramped.

> That's exactly what you're doing with NAT, while ignoring its obvious 
> benefits.

Nat at all. See above.

> I don't deny it, just probably not with IPv6 as we know it.

Perhaps. But absolutely 100% definitely NOT with IPv4.

> You're also forgetting that private space is completely separate from 
> public (Internet) space.

No, Clenna, I am not forgetting that.

> How the hell do you even define how big an IPv6 /8 network is? Does it 
> equate to an IPv4 /8 or is it everything up to the last octet? The way 
> IPv6, it's anything but clear and this is one of the many problems that 
> seems to be stifling IPv6 and why most just don't use it.

If you don't know that, I am mystified as to why you think yourself
qualified to make such confident pronouncements about IPv4, let alone
IPv6.

The short answer is that it works exactly as it does in IPv4, just with
way bigger addresses. A /8 in IPv4 has 24 bits of addresses, with an
8-bit prefix. A /8 in IPv6 has 56 bits of addresses, also with an 8-bit
prefix. The address space can be further subnetted of course, just like
IPv4 address space.

> You don't think any of it at all is at least partly due to the 
> inherently confusing nature of IPv6? (At least when compared to IPv4.) 

We find new things confusing. IPv6 is no more complicated than IPv4, we
are just not used to it.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)



More information about the bind-users mailing list