filter-a and dns64 in a ipv6-only network
Marco
mo01 at posteo.de
Tue Jan 31 19:03:42 UTC 2023
Am 31.01.2023 um 19:52:11 Uhr schrieb Thomas Schäfer:
> Am Montag, 30. Januar 2023, 23:12:53 CET schrieb Mark Andrews:
> > Do you want a correctly operating DNS64 server or do you want to
> > filter all A records? They are mutually exclusive requirements.
> > Please read RFC 6147 to understand why they are mutually exclusive.
> >
>
> That's simply not true. RFC 6147 is about synthesizing AAAA records
> based on A records. It says nothing about blocking A records
> afterwards.
Why would it make sense to block them?
> > You seem to have this strange notion that to run an IPv6-only node
> > or network that you need to filter out A records.
>
> It isn't more strange than filtering AAAA records in old IPv4 only
> networks. That filter is ironically implemented by the isc - despite
> there is no serious RFC for that.
I don't see a reason for filtering at all. What is the benefit of that?
> The purpose of the A record filter is to correct the behavior of apps
> which don't respect IPv6 RFCs regarding the preference of IPv6 over
> IPv4.
Best would be to fix these "apps".
If the computer does not have an IPv4 address, the A records are
useless, it can't use them and needs to connect via IPv6.
> My experience until now: the a record filter doesn't break anything,
> but it make some apps working without clat - so at least some
> windows and linux apps.
Why don't they work if they can't connect using IPv4?
Which apps are affected?
More information about the bind-users
mailing list