From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]On Behalf Of
Sent: May 15, 2001 12:03 PM
To: Valdis.Kletnieks () vt edu; Adam McKenna
Cc: nanog () nanog org
Subject: Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
Forcing hostnames and PTR's to match will also prevent people from NAT
land accessing your servers. There are hardly any NAT implementations
that do dynamic DNS updates.
Your NAT implementation must not be the same as the ones I've worked with,
because with the [simple] ones I've seen, you have something like
192.168.0.0/24 all coming out and talking to the world as 184.108.40.206 (the more
elaborate implementations give each private IP a unique outside IP, in which
case you just set up your DNS for each IP. A little more work, perhaps,
but...). Now, if 220.127.116.11 has proper matching forward/reverse DNS lookups, I
don't see how people behind someone else's NAT pose a problem.