Security gain from NAT
nanog at daork.net
Wed Jun 6 05:36:55 UTC 2007
On 6/06/2007, at 2:53 PM, Roger Marquis wrote:
>> So now the cruft extends and embraces, and you have to play DNS
>> view games based on whether it's on company A's legacy net,
>> company B's legacy net, or the DMZ in between them, and start
>> poking around in the middle of DNS packets to tweak the replies
>> (which sort of guarantees you can't deploy DNSSEC).
> <IPv4 junk>
You clearly missed the start of this conversation, and my summaries
in the last couple of days, about which I am not surprised.
We were discussing IPv6, the lack of NAT was brought up as being
viewed as a blocker for security reasons, and solutions were
presented so that it no longer is, assuming adequate education is
More information about the NANOG