[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: on NAT-PT
>I think yes, were are talking about something different.
>Yes, using 'AD is secure' works and solve the particular
>problem I'm describing.
as far as i understand the use of recursive resolver (DNS-ALG) is part
of the deal in NAT-PT. so the point you made previously (nodes that
make recursive query by themselves) are not covered/supported by NAT-PT.
>What I'm saying is that imposing to use 'AD is secure'
>to operate DNSsec in IPv6 networks is a big step
>that I'm not sure I'm ready to make.
you are generalizing it too much by saying "in IPv6 networks" - what
i'm suggesting is to use "AD is secure" for NAT-PT, that's all.
it doesn't have to be imposed for all IPv6 networks.
itojun