On Tue, 2010-12-07 at 20:37 -0500, Ross Walker wrote: > On Dec 7, 2010, at 7:41 PM, Nico Kadel-Garcia <nkadel at gmail.com> wrote: > > > On Tue, Dec 7, 2010 at 10:04 AM, Adam Tauno Williams > > <awilliam at whitemice.org> wrote: > > > >> Bogus. The reason is that they haven't been pressured into adoption by > >> higher powers; so we will get into a nice scramble to migrate in a > >> pinch. > >> > >> "most people" have no idea what NAT is, don't care, and shouldn't have > >> to care. > >> > >> Some people's belief that NAT is some magic sauce that makes them more > >> secure [it does not] or provides them more flexibility [it does not] > >> than real addresses ... causes the people who understand networking to > >> have to spend time explaining that their love of NAT is misguided and > >> their beliefs about NAT are bogus. > > > > *I'm* a fairly expert network person. (10base2, baby, I remember > > crimping those cables!) Forcing people to specifically select the > > services they wish to expose, rather than selecting what to cut off in > > configuring a typical firewall, is basic policy automatically enforced > > by NAT. It's especially helpful to ISP's, who *do not want* to try to > > remember all those furshlugginer individual policies and find it far > > simpler in routing and firewall terms to force all traffic to the NAT. > Does this mean I have to type in URLs like: > http://3ffe:1900:4545:3:200:f8ff:fe21:67cf/ Correct syntax for that is http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]/ if you want to specify the port it goes outside the brackets http://[3ffe:1900:4545:3:200:f8ff:fe21:67cf]:8080/ > I can only image phonetically calling these off on a support call, I'd > get half way through it and the other end would tell me to "forget it > I'll wait until DNS is working again". You aren't crippled currently when DNS doesn't work? Because e-mail, Active Directory / Kerberos, and numerous other services just-don't-work without functioning DNS anyway. I'd say the network-minus-DNS is pretty much irrelevant in the real world. > In fact with DNS problems we'd be pretty much crippled. > I'd use IPv6 if the addresses weren't so hard to remember.