>
> Firewalls are no reason for a two faced DNS. Those are forced upon us by
> NAT, because of the re-use of addresses. With IPv6 we will have no need
> to re-use addresses, and so no reason to bother with two faced DNS (which
> isn't to say that they may not still be people who would prefer to use
it).
>
It is funny for you to say that with IPv6 we don't need to use re-used
addresses, because a site local address *is* a kind of re-used address.
There is a lot of similarity architecturally between net 10 in IPv4 and site
local addresses
in IPv6. Niether can be globally routed. Both spaces are re-used by large
numbers
of sites, and from casual inspection of a site-local address, outside the
context of the inspection point, you can't tell what site it belongs to.
And clearly people feel a need to use them or we wouldn't be
having this discussion.
The reason we aren't forced into two-faced DNS with IPv6 is that *in
addition to* the re-used (aka site-local) addresses, IPv6 nodes also have
global addresses, and these can be leveraged to determine if a given re-used
address is in the same site or a different site.
On a separate note, I know this is probably just digging up dead
discussions, but have people considered creating a new IPv6 space which is
"globally unique but not globally routable" for use in this sort of internal
site communications? Such an address space would be useful, for instance,
when merging two sites (which, if using site-local addresses, will require
renumbering of one of the sites).
Such addresses (lets call them unique-local addresses) could be put in DNS
without concern for thier being mis-interpreted by other nodes. Granted
when a node did a DNS lookup, it wouldn't know if a given unique-local
address was in the same site, but it could learn easily by just sending a
packet to that address and either succeeding or getting an ICMP dest
unreachable.
PF
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
