> Now, whether that interception and diversion of DNS queries is a > moral activity is a different question. But, if you believe > strongly enough that having a NAT in the first place puts one > into a serious state of sin, then the marginal sin of > intercepting DNS queries for private addresses, to prevent the > sort of problems those queries cause, seems to me to be fairly > small. I probably agree. But I guess my question is "where does it end?" That is, how many things do we change elsewhere in the network in order to minimize the operational problems that crop up with NATs? What is the cost of those changes, and how much do they impair the ability of the network to support applications?