DNS64: reverse lookups fail when using ULA prefix

Maurice Walker maurice at walker.earth
Wed Feb 19 13:51:25 UTC 2020


When using the default DNS64 prefix, reverse lookups for synthesized addresses
work. For example, a reverse lookup for 64:ff9b:: properly
resolves to PTR dicht.nlnetlabs.nl and PTR open.nlnetlabs.nl.

Same behavior when setting dns64-prefix to a GUA prefix.

But when using a ULA prefix ("dns64-prefix: fd01:db8::/96"), reverse lookups
fail (NXDOMAIN).

- Is this behavior intentional? The cause most likely is filtering of reverse
  lookups for private address space. But shouldn't the dns64-prefix be
  excluded from such filtering?
- If it is indeed intentional, what would be the best way to work around it?
  Setting "unblock-lan-zones: yes" does the trick, but seems a bit too radical.
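
The following is an added example, not part of the original message and not Unbound code. It derives the PTR name for an address synthesized under a /96 DNS64 prefix and checks it against the private-range IPv6 reverse zones in Unbound's default local-zone list (unbound.conf(5)), showing that names under the ULA prefix from the message fall inside `d.f.ip6.arpa.` while names under `64:ff9b::/96` do not. The IPv4 address 192.0.2.1 and all function names are constructed for illustration.

```python
import ipaddress

# Private-range IPv6 reverse zones that Unbound serves locally by default
# (a subset of the default local zones documented in unbound.conf(5)).
DEFAULT_BLOCKED_V6 = ("d.f.ip6.arpa.", "8.e.f.ip6.arpa.", "9.e.f.ip6.arpa.",
                      "a.e.f.ip6.arpa.", "b.e.f.ip6.arpa.")


def synthesize(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Embed an IPv4 address in a /96 DNS64 prefix (RFC 6052 layout)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled in this example")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | v4)


def ptr_name(addr: ipaddress.IPv6Address) -> str:
    """Fully qualified ip6.arpa name queried for a reverse lookup."""
    return addr.reverse_pointer + "."


def blocking_zone(qname: str):
    """Return the default-blocked zone enclosing qname, or None."""
    q = qname.lower()
    for zone in DEFAULT_BLOCKED_V6:
        if q == zone or q.endswith("." + zone):
            return zone
    return None


def prefix_reverse_zone(prefix: str) -> str:
    """ip6.arpa zone covering the whole /96 (drop the 8 IPv4 nibbles)."""
    net = ipaddress.IPv6Network(prefix)
    labels = ptr_name(net.network_address).split(".")
    return ".".join(labels[8:])


if __name__ == "__main__":
    sample_v4 = "192.0.2.1"  # constructed sample (documentation range)
    for prefix in ("64:ff9b::/96", "fd01:db8::/96"):
        addr = synthesize(prefix, sample_v4)
        name = ptr_name(addr)
        print(prefix, "->", addr)
        print("  PTR qname     :", name)
        print("  enclosed by   :", blocking_zone(name) or "no default private zone")
        print("  prefix as zone:", prefix_reverse_zone(prefix))
```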


More information about the Unbound-users mailing list