[Unbound-users] DNS64 patch for Unbound

Ondřej Caletka ondrej at caletka.cz
Wed Jul 2 08:34:10 UTC 2014

Dne 1.7.2014 12:26, Bjoern A. Zeeb napsal(a):
> OK, just replying to the last email;  I’ll cleanup the patch (without the regenerated files, etc.) and post it here the next hours or if that fails days, so people can review, test, integrate it.


I'm not sure if it's valid in current version of patches, but I would
like to point out that the DNS64-patched Unbound operated on public
NAT64 test [1] (apparently offline ATM) fails to conform with RFC 6147
in the way it handles queries with DO and CD flags set. For these
queries, the synthesis MUST NOT be performed in order to preserve valid
DNSSEC data for further validation at endpoint [2]. I think this should
be fixed before the patch reaches the upstream.

[1]: http://go6lab.si/current-ipv6-tests/nat64dns64-public-test/
[2]: http://tools.ietf.org/html/rfc6147#section-5.5

Ondřej Caletka

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4287 bytes
Desc: Elektronicky podpis S/MIME
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20140702/2b810ff1/attachment.bin>

More information about the Unbound-users mailing list