the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Thu Apr 29 11:08:23 UTC 2010


On Thu, 29 Apr 2010 10:33:02 +1000
Mark Andrews <marka at isc.org> wrote:

> 
> In message <A3F2FF6F-AFE3-4ED1-AD33-5B627724930B at virtualized.org>, David Conrad
>  writes:
> > Mark,
> > 
> > On Apr 28, 2010, at 3:07 PM, Mark Andrews wrote:
> > >> Perhaps the ability to change service providers without having to
> > >> renumber?
> > >
> > > We have that ability already.  Doesn't require NAT.
> > 
> > Cool!  You've figured out, e.g., how to renumber authoritative name
> > servers that you don't have direct control over!
> 
> Don't do that.  It was a deliberate design decision to use names
> rather than IP addresses in NS records.  This allows the operators
> of the nameservers to change their addresses when they need to.
> 
> B.T.W. we have the technology to automatically update delegations
> if we need to and have for the last 10 years.  People just need to
> stop being scared about doing it.
> 
> > And modify filter
> > lists on firewalls across an enterprise network!  And remotely update
> > provisioning systems and license managers without interrupting services!
> > Etc., etc.
> > 
> > http://www.rfc-editor.org/internet-drafts/draft-carpenter-renum-needs-work-05.txt
> > 
> > A tiny home office network managed by a highly technical individual with
> > full control over all aspects of the network is not a good model on
> > which to base the definition of "we".
> > 
> > Regards,
> > -drc
> 
> Well if you insist on using IP addresses rather than real crypto for access
> control.
> 

I suppose it'll protect us when Skynet emerges.

I think the current security threat is the people behind the
machines, not the machines themselves and their IP addresses.

Regards,
Mark.



