On Thu, 29 Apr 2010 10:33:02 +1000 Mark Andrews <marka@isc.org> wrote:
In message <A3F2FF6F-AFE3-4ED1-AD33-5B627724930B@virtualized.org>, David Conrad writes:
Mark,
On Apr 28, 2010, at 3:07 PM, Mark Andrews wrote:
Perhaps the ability to change service providers without having to = renumber? =20 We have that ability already. Doesn't require NAT.
Cool! You've figured out, e.g., how to renumber authoritative name = servers that you don't have direct control over!
Don't do that. It was a deliberate design decision to use names rather than IP addesses in NS records. This allows the operators of the nameservers to change their addresses when they need to.
B.T.W. we have the technology to automatically update delegations if we need to and have for the last 10 years. People just need to stop being scared about doing it.
And modify filter = lists on a firewalls across an enterprise network! And remotely update = provisioning systems and license managers without interrupting services! = Etc., etc.
http://www.rfc-editor.org/internet-drafts/draft-carpenter-renum-needs-work= -05.txt
A tiny home office network managed by a highly technical individual with = full control over all aspects of the network is not a good model on = which to base the definition of "we".
Regards, -drc
Well if you insist on using IP addresses rather than real crypto for access control.
I suppose it'll protect us when Skynet emerges. I think the current security threat is the people behind the machines, not the machines themselves and their IP addresses. Regards, Mark.