NAT etc. (was: Spam Control Considered Harmful)
Alan Hannan
hannan at bythetrees.com
Mon Nov 3 04:12:50 UTC 1997
> Does anyone wish to correct me? I'm a pretty decent thinker, but it's
> possible I may misunderstand some specifics, I'm _not_ a DNSSEC or NAT
> mechanic.
I am not intimate with the internals of DNSSEC to comment on the
interoperability with NATs at this time.
As such, I wouldn't question your assertion. I do, however,
question this premise as being directly relevant to the
advancement of NAT use in the internet infrastructure.
It is likely that the scaling properties of the internet
will demand a change in the lower level protocols.
When this happens, the higher layer protocols (like DNSSEC) will
have to be reworked.
So DNSSEC gets broken. Fix DNSSEC after we fix the
infrastructure.
With NAT you can subdivide the network to many orders of growth.
The sum work saved by doing this vastly outweighs the work
required to adapt DNSSEC.
For example, the root name system could interoperate with the NAT
machines in a controlled manner. No, it's not a trivial task.
However, isn't it easier than renumbering the entire address space
and putting more space into the problem?
-a
More information about the NANOG
mailing list