Now, whether that interception and diversion of DNS queries is a
moral activity is a different question. But, if you believe
strongly enough that having a NAT in the first place puts one
into a serious state of sin, then the marginal sin of
intercepting DNS queries for private addresses, to prevent the
sort of problems those queries cause, seems to me to be fairly
small.

I probably agree. But I guess my question is "where does it end?"
That is, how many things do we change elsewhere in the network in order
to minimize the operational problems that crop up with NATs? What is
the cost of those changes, and how much do they impair the ability of
the network to support applications?