
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Technical points taken, but we need to clearly differentiate between the internal (including local director type internal) addresses and what I and the end users would consider to be published PUBLIC addresses. These had better work or we will start to lose customers followed shortly thereafter by revenue.
Our job as **OPERATORS** is to provide our subscribers with simple and reliable access to what they consider as the Global Internet. They have the following 2 reasonable expectations:
1) That they can access any publicly accessible web, ftp, email, etc. server anywhere in the world by using the destination's published textual address. Without, I might add, having to know that certain locations require loading a special plug-in, changing their resolver, or artificially padding the name.
Bear in mind that in many cases, this is an illusion. They aren't accessing the same machine at all. Someone is using round robin DNS to map one name into several IP addresses, or a Local Director to map one IP address into many IP addresses, or there is some other such substitution being employed.
In some cases the party serving the data is involved in the illusion. In others, as in transparent proxying, someone along the way is intervening. This is often silent and may have the consent of neither the user/client nor whoever is running the intended target.
Yet in all cases, except where something is physically broken or out of synch, the initiating user and the terminating server expect that access to information or services via a documented public mnemonic URL will provide the same information (or a cached copy of it) to every user globally. If it doesn't, WE are the ones that are held responsible by the users.
Remember that, regardless of theoretical arguments, _WE_ are the ones that have to deal with the messes that result from things like this... _WE_ are the ones who will have to pay for the increased NOC and Tech Support staff and phone charges...
My point is that we are already in the world that you are warning us about. People are happily using one address space within their company and quite another to talk to the outside world, with NAT mediating between the two. Their internal DNS is also different from the DNS seen on the global Internet. And it all seems to be working exceedingly well, despite the fact that the games people play with IP addresses and domain names are becoming very subtle indeed.
But once again, when they access or publish a PUBLIC URL, they have expectations that it will work and it will work the same for everyone regardless of location or ISP affiliation. I don't consider internal network workings to be public in nature.

Tim

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOq/UeBRIXzEQLahvEQJJlQCg885pkVl0JedfKUHTofW2WYMqIckAn3yT
FlSWsEPh4ToopQkgzJL6CfOO
=j5l4
-----END PGP SIGNATURE-----