DNS64: reverse lookups fail when using ULA prefix

Maurice Walker maurice at walker.earth
Wed Feb 19 14:59:23 UTC 2020

Thanks Wouter!

On 19/02/2020 15:05, Wouter Wijngaards via Unbound-users wrote:
> Because in fact the dns64 prefix is more specific, it would be a good
> idea to perhaps keep the default, local-zone: "d.f.ip6.arpa." static,
> with a more specific cut-out: local-zone: "8.b.d.0.1.0.d.f.ip6.arpa."
> transparent.  You may also need domain-insecure:
> "8.b.d.0.1.0.d.f.ip6.arpa." or domain-insecure: "d.f.ip6.arpa." to make
> it work.

"local-zone: 8.b.d.0.1.0.d.f.ip6.arpa. transparent" fixes it (while not
touching the default for d.f.ip6.arpa.). "domain-insecure" is not required,
d.f.ip6.arpa. is not signed.

I wonder whether it would be a good idea for unbound to add such an exception
for the specified dns64-prefix automatically?


More information about the Unbound-users mailing list