
Re: on NAT-PT



> i don't think this is a problem in na(p)t-pt, but more a problem in the way
> dns-alg works. for instance, if we could configure the dns-alg in such a way
> that it does the following:
> 1)maintain a table which maps the source ip address of the dns query and the
> type of query ("A" or "AAAA")
> 2)generate a dual-query ("A" + "AAAA") every time a dns query is detected.
> 3)when it intercepts a dns response it should
> ->translate the "A" response to "AAAA" response if the original query was
> "AAAA" and the response is "A" only
> ->translate the "AAAA" response to "A" response if the original query was
> "A" and the response is "AAAA" only
> ->forward the "A" response only, if the original query was "A" and a dual
> response is received.
> ->forward the "AAAA" response only, if the original query was "AAAA" and a
> dual response is received.
> 

it's simply not reasonable to make assumptions about the capability of
the host that will be using the result of a DNS query, from the IP address
(or kind of IP address) of the host that submits a DNS query.  there are
too many ways that this can go wrong.  in general the host that uses
the result of a query is not necessarily the same as the host that makes
the query.

Keith
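
The exchange above, as an added example that is not part of either message: a minimal Python model of the quoted dns-alg rules, showing that the answer it forwards is chosen from nothing more than the querying address and the query type it sent, which is the assumption the reply objects to. The class and function names, the /96 prefix, the IPv4 pool, keying the table on (source, name), and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed values (documentation ranges), not taken from the thread.
NATPT_PREFIX = ipaddress.IPv6Network("2001:db8:ffff::/96")
V4_POOL = ipaddress.IPv4Network("192.0.2.0/24")

class DnsAlg:
    def __init__(self):
        self.pending = {}   # rule 1: (source ip, name) -> original query type
        self.v4_map = {}    # IPv6 address -> pool IPv4 address handed out for it

    def on_query(self, src, name, qtype):
        self.pending[(src, name)] = qtype
        return [(name, "A"), (name, "AAAA")]       # rule 2: always dual-query

    def _to_aaaa(self, a):
        # Embed the IPv4 address in the low 32 bits of the translator prefix.
        return str(NATPT_PREFIX[int(ipaddress.IPv4Address(a))])

    def _to_a(self, aaaa):
        # Hand out the next unused pool address for this IPv6 destination.
        if aaaa not in self.v4_map:
            self.v4_map[aaaa] = str(V4_POOL[len(self.v4_map) + 1])
        return self.v4_map[aaaa]

    def on_response(self, src, name, a_recs, aaaa_recs):
        # Rule 3. The only input besides the records is what `src` asked for;
        # nothing here identifies the host that will connect to the result.
        qtype = self.pending.pop((src, name))
        if qtype == "AAAA":
            return ("AAAA", aaaa_recs or [self._to_aaaa(a) for a in a_recs])
        return ("A", a_recs or [self._to_a(x) for x in aaaa_recs])

def answer_for(src, qtype, a_recs, aaaa_recs, name="www.example.com"):
    """Run one query/response pair through a fresh ALG instance."""
    alg = DnsAlg()
    alg.on_query(src, name, qtype)
    return alg.on_response(src, name, a_recs, aaaa_recs)

if __name__ == "__main__":
    # 2001:db8::53 stands for a resolver querying on behalf of some other
    # host (constructed scenario). The ALG shapes the answer for the resolver.
    print(answer_for("2001:db8::53", "AAAA", ["198.51.100.7"], []))
    print(answer_for("203.0.113.9", "A", [], ["2001:db8:1::7"]))
```
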