the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?
Mark Smith
nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Thu Apr 29 11:08:23 UTC 2010
On Thu, 29 Apr 2010 10:33:02 +1000
Mark Andrews <marka at isc.org> wrote:
>
> In message <A3F2FF6F-AFE3-4ED1-AD33-5B627724930B at virtualized.org>, David Conrad
> writes:
> > Mark,
> >
> > On Apr 28, 2010, at 3:07 PM, Mark Andrews wrote:
> > >> Perhaps the ability to change service providers without having to
> > >> renumber?
> > >
> > > We have that ability already. Doesn't require NAT.
> >
> > Cool! You've figured out, e.g., how to renumber authoritative name
> > servers that you don't have direct control over!
>
> Don't do that. It was a deliberate design decision to use names
> rather than IP addresses in NS records. This allows the operators
> of the nameservers to change their addresses when they need to.
>
> B.T.W. we have the technology to automatically update delegations
> if we need to and have for the last 10 years. People just need to
> stop being scared about doing it.
>
> > And modify filter
> > lists on a firewalls across an enterprise network! And remotely update
> > provisioning systems and license managers without interrupting services!
> > Etc., etc.
> >
> > http://www.rfc-editor.org/internet-drafts/draft-carpenter-renum-needs-work-05.txt
> >
> > A tiny home office network managed by a highly technical individual with
> > full control over all aspects of the network is not a good model on
> > which to base the definition of "we".
> >
> > Regards,
> > -drc
>
> Well if you insist on using IP addresses rather than real crypto for access
> control.
>
I suppose it'll protect us when Skynet emerges.
I think the current security threat is the people behind the
machines, not the machines themselves and their IP addresses.
Regards,
Mark.