[Unbound-users] DNS64 patch for Unbound

Ondřej Surý ondrej at sury.org
Tue Jul 1 10:03:49 UTC 2014 

Hi Wouter,

I am just throwing another mail in support of integrating DNS64
patch into Unbound.

O.
P.S.: I am writing this from NAT64 network we have setup at CZ.NIC.
And I fully agree with Carsten that NAT64 actually help the transition
and not hinder it.

There are some apps that are still broken without legacy IP, but I am
even considering to enable this as a default setup at my home.

On Mon, Jun 30, 2014, at 15:20, Carsten Strotmann wrote:
> Hello Wouter,
> 
> W.C.A. Wijngaards writes:
> > Is NAT64 considered this important?  We would be happy to incorporate
> > the patch if this is considered useful to many users.  NAT64 for DNS
> > does involve allowing others to inject new addresses in a new netblock
> > for arbitrary names, and as such carries a little bit of security
> > considerations.  So, I would hesitate to enable this by default.  But
> > the option could certainly be useful, as we would like to help the
> > IPv4 to IPv6 transition.  What do other users think about this?
> 
> I see DNS64/NAT64 as a tool to reduce complexity in the IPv4->IPv6
> transition phase by removing the need to run full dual stack in order to
> reach legacy IPv4 resources in the Internet. 
> 
> With DNS64 networks can go IPv6 native and use DNS64/NAT64 to access old
> IPv4 stuff.
> 
> Deployments of DNS64 at larger conferences such as FOSDEM, RIPE and
> Cisco Live have shown that the techology is mature and works for most
> protocols.
> 
> DNS64 should not be enabled by default in Unbound (it requires local
> configuration anyway), but it should be either a configuration switch or
> a compile-time option (I would vote for a configuration switch. If it is
> a compile-time option, the distributions will enable it anyway).
> 
> The DNS64 configuration options in BIND 9 work fine and could be a
> template for Unbound.
> 
> I would be happy to see DNS64 support in Unbound and would be willing to
> test.
> 
> -- 
> Carsten Strotmann
> Email: cas at strotmann.de
> Blog: strotmann.de
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users


-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

More information about the Unbound-users mailing list