[Unbound-users] DNS64 patch for Unbound

Carsten Strotmann unbound at strotmann.de
Mon Jun 30 13:11:15 UTC 2014

Hello Andreas,

lst_hoe02 at kwsoft.de writes:

> I doubt this is easy useable with DNSSEC as DNS records are created  
> on-the-fly, no? 

it is possible to do the DNS64 synthesizing of records after doing the
DNSSEC validation. As long as the client application does not do DNSSEC
validation, the scheme works. But sure, DNS64 and DNSSEC do not play
well together.

> I also don't like the idea of yet another workaround  
> to delay the switch-over, after all we already have  
> dual-stack(protocol) for the next decade i suspect.

DNS64 enables a network to go IPv6 native all the way, and switch off
legacy IPv4. I see that DNS64 *helps* with the switch over, it *helps*
sun-setting IPv4. It reduces complexity by removing the need to run full
dual-stack in order to access legacy IPv4 resources on the Internet.

Carsten Strotmann
Email: cas at strotmann.de
Blog: strotmann.de

More information about the Unbound-users mailing list