nanog mailing list archives
Re: NAT etc. (was: Spam Control Considered Harmful)
From: "Sean M. Doran" <smd () clock org>
Date: 03 Nov 1997 13:49:13 -0500
"Jay R. Ashworth" <jra () scfn thpl lib fl us> writes:
This is a question of _trust_, and if I don't wish to allow the operator of a NAT box to proxy my trust in a nameserver operator, there really isn't any good way around that.
You could change your connectivity such that there is no NAT between you and the set of nameservers from which you feel you must have untouched responses. In a "NAT Everywhere" world with a sufficiently large set of such nameservers this may be completely impractical. Given that not trusting the DNS is the default mode of operation for the current Internet, the question is whether the advantages of NAT justify a constraint on DNSSEC or whether the advantages of DNSSEC justify a constraint on NAT. The problem seems simpler with a "NAT in some places" model, especially where "some places" is mostly at the borders of big corporations, however strings of NATs do and will happen, and there will be these trust issues to deal with in some places anyway. I would perfer to avoid constraining the problem just because it makes the NIMBY folks more quiescent, to be honest, since it rankles as much the concept of "only some people have to renumber to conserve address space and preserve the scalable properties of hierarchical routing. we won't, we're privileged (or too big or too understaffed)". Like renumbering, NAT is out there, and making it seamless and easy strikes me as a good and useful goal, even if it complicates other good and useful goals. One of the ways to make it and renumbering seamless is to understand that IP addresses are subject to change over time and topological distance. Sean.
Current thread:
- Re: NAT etc. (was: Spam Control Considered Harmful) Tim Salo (Nov 01)
- Communities Bradley Reynolds (Nov 01)
- Re: Communities Kirby Files (Nov 01)
- Re: Communities Bradley Reynolds (Nov 02)
- Re: Communities Sean M. Doran (Nov 03)
- Message not available
- Re: Communities James A. Farrar (Nov 02)
- Re: Communities Bradley Dunn (Nov 05)
- Re: Communities Kirby Files (Nov 01)
- Communities Bradley Reynolds (Nov 01)
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 02)
- Re: NAT etc. (was: Spam Control Considered Harmful) Alan Hannan (Nov 02)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 02)
- Re: NAT etc. (was: Spam Control Considered Harmful) Sean M. Doran (Nov 03)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 03)
- Re: NAT etc. (was: Spam Control Considered Harmful) Yakov Rekhter (Nov 03)
- Message not available
- Re: NAT etc. (was: Spam Control Considered Harmful) Jay R. Ashworth (Nov 03)
- Re: NAT etc. (was: Spam Control Considered Harmful) Eric M. Carroll (Nov 03)