[13339] in North American Network Operators' Group
Re: NAT etc. (was: Spam Control Considered Harmful)
daemon@ATHENA.MIT.EDU (Alan Hannan)
Sun Nov 2 23:20:36 1997
Date: Sun, 2 Nov 1997 23:12:50 -0500
From: Alan Hannan <hannan@bythetrees.com>
To: "Jay R. Ashworth" <jra@scfn.thpl.lib.fl.us>
Cc: nanog@merit.edu
In-Reply-To: <19971102120016.12949@scfn.thpl.lib.fl.us>; from Jay R. Ashworth on Sun, Nov 02, 1997 at 12:00:16PM -0500
> Does anyone wish to correct me? I'm a pretty decent thinker, but it's
> possible I may misunderstand some specifics, I'm _not_ a DNSSEC or NAT
> mechanic.
I am not intimate with the internals of DNSSEC to comment on the
interoperability with NATs at this time.
As such, I wouldn't question your assertion. I do, however,
question this premise as being directly relevant to the
advancement of NAT use in the internet infrastructure.
It is likely that the scaling properties of the internet
will demand a change in the lower level protocols.
When this happens, the higher layer protocols (like DNSSEC) will
have to be reworked.
So DNSSEC gets broken. Fix DNSSEC after we fix the
infrastructure.
With NAT you can subdivide the network to many orders of growth.
The sum work saved by doing this vastly outweighs the work
required to adapt DNSSEC.
For example, the root name system could interoperate with the NAT
machines in a controlled manner. No, it's not a trivial task.
However, isn't it easier than renumbering the entire address space
and putting more space into the problem?
-a
