filter-a and dns64 in a ipv6-only network
Thomas Schäfer
tschaefer at t-online.de
Tue Jan 31 18:52:11 UTC 2023
Am Montag, 30. Januar 2023, 23:12:53 CET schrieb Mark Andrews:
> Do you want a correctly operating DNS64 server or do you want to filter
> all A records? They are mutually exclusive requirements. Please read
> RFC 6147 to understand why they are mutually exclusive.
That's simply not true. RFC 6147 is about synthesizing AAAA records based on A
records. It says nothing about blocking A records afterwards.
> You seem to have this strange notion that to run an IPv6-only node or
> network that you need to filter out A records.
It isn't more strange than filtering AAAA records in old IPv4 only networks.
That filter is ironically implemented by the isc - despite there is no serious
RFC for that.
The purpose of the A record filter is to correct the behavior of apps which
don't respect IPv6 RFCs regarding the preference of IPv6 over IPv4.
> Could you tell me who or
> what told you this was required?
Thank you for the personal attack within the first contact. I am old (enough)
- I can speak for myself.
I am an experienced user of different IPv6 only networks.
e.g
daily at eduroam-IPv6only, a big Wifi network administrated by the Leibniz
Supercomputinger Centre in Munich,
daily at the IPv6-only mobile network(4g/5g) by Deutsche Telekom,
once a year at the RIPE conference WiFi
I am the admin of my home/test lab with: tayga, jool, unbound (filters a, does
dns64) , dnsmasq (can filter a, but can't do dns64 )
I know that clat is a solution for *some* very old apps, usually on
smartphones and recently also on macs.
Nevertheless Windows doesn't use clat in wireless/wired LANs.
I want to get rid of clat - aka 464xlat. ( clat was not invented for eternity)
Even linux has no default clat installation on many distributions.
My experience until now: the a record filter doesn't break anything, but it
make some apps working without clat - so at least some windows and linux
apps.
Now I am testing the usefulness of bind. In the recent state it isn't useful.
Regards
Thomas Schäfer
More information about the bind-users
mailing list