NAT etc. (was: Spam Control Considered Harmful)

Alan Hannan hannan at
Mon Nov 3 04:12:50 UTC 1997

> Does anyone wish to correct me?  I'm a pretty decent thinker, but it's
> possible I may misunderstand some specifics, I'm _not_ a DNSSEC or NAT
> mechanic.

  I am not intimate with the internals of DNSSEC to comment on the
  interoperability with NATs at this time.

  As such, I wouldn't question your assertion.  I do, however,
  question this premise as being directly relevant to the
  advancement of NAT use in the internet infrastructure.

  It is likely that the scaling properties of the internet
  will demand a change in the lower level protocols.

  When this happens, the higher layer protocols (like DNSSEC) will
  have to be reworked.

  So DNSSEC gets broken.  Fix DNSSEC after we fix the

  With NAT you can subdivide the network to many orders of growth.
  The sum work saved by doing this vastly outweighs the work
  required to adapt DNSSEC.  

  For example, the root name system could interoperate with the NAT
  machines in a controlled manner.  No, it's not a trivial task.
  However, isn't it easier than renumbering the entire address space
  and putting more space into the problem?


More information about the NANOG mailing list