Today in our newest take on “older technology is better”: why NAT rules!
Ipv6 is not 6 bytes? 8 segments of 2 bytes for a sum of 16 bytes?
Or am I stupid right now?
Slightly related to the issue of remembering addresses, I think the main issue is with the fact that local nameservers are pretty much non-existent if you’re not running OpenWrt or OpnSense. Which is shameful because the local nameserver is an amazing quality of life tool.
Also the fact that officially there are no local TLDs except for “.arpa” while browsers won’t resolve one word domains without adding http://
And don’t get me started on TLS certificates in local networks… (although dns01 saves the day)
I’ve taken to using .here
(or .aqui
, “here” in Español, much harder to match outside) as alternatives until something better comes up.
Ideally I’d use .aquí
, correctly with the diacritic, but DNS doesn’t seem to support even the basics of Unicode in 2024.
Well, there is Punycode, which, if I understand correctly, is a layer before DNS, which translates a Unicode string into a DNS-compatible ASCII string.
I don’t actually recommend using that, though. Every so often, the ugly ASCII string shows up in places, because Punycode translation isn’t implemented there. Certainly increases administration complexity.
I think it’s worth taking the time to learn IPv6 property. If you have a good understanding of IPv4 it shouldn’t take you more than an afternoon.
Eliminating NAT and just using firewall rules (ie what NAT does behind your back) is incredibly freeing.
I don’t get people complaining about typing out IPs. I like to give all of my clients full FQDNs but you don’t have to. Just using mDNS would be enough to avoid typing a bunch of numbers.
Maybe I have Stockholm Syndrome, but I like NAT. It’s like, due to the flaws of IPv4 we basically accidentally get subnets segmented off, no listening ports, have to explicitly configure port forwarding to be able to listen for connections, which kinda implies you know what you’re doing (ssshh don’t talk about UPnP). Accidental security of a default deny policy even without any firewalls configured. Haha. I’m still getting into this stuff though, please feel free to enlighten me
Bro used <> instead of !=
Typing addresses in ipv4 is ingrained into my brain, but zero NATing with ipv6 is magical.