All this talk about dynamic DNS as a solution to _anything_ surprises me.
This is an application where a key goal is to optimize recovery or
failover response time.
You'd think that people actually believed that "dynamic DNS" is scalable.
Keeping track of who to push deltas to aside, it seems to me that one of
the key aspects of DNS, the distributed database that it is, was caching
for a significant period of time.
So, dynamic NAT + dynamic DNS, IMNSHO, is a poor solution due to the
connectivity loss during the time required to allow all the caches of all
the not-quite-bleeding-edge DNS servers to expire.
I really must be missing a key point, please tell me what it is.
That leaves BGP as the only feasible, universal solution.
Sorry, this has little to do with firewalls proper, I'll shut up.
-Aaron J. Peterson
Opinionated Network Dabbler