Moin, sorry for the high RTT; Had some unexpected events after 123. On Tue, 2025-08-05 at 11:50 +1000, Mark Andrews wrote: > Repeating so this gets tied to the draft name. > > ... > > I am going to be contrary here and say that DNS servers MUST NOT > synthesis IPv6 address records from the PREF64 option. This is > the wrong level of the stack to perform this translation as the > DNS server is not an IP router and to do this properly the DNS > server would need to process the kernels routing table. Just > use the IPv4AAS built into the operating system as it reached > via the routing table in the kernel.
No, actually it does not need to access the routing table. The process is: - Configure PREF64 (2001:db8:6464::/96) in daemon - Daemon gets: example.com IN NS ns01.example.com ADDITIONAL ns01.example.com IN A 192.0.2.1 It then calculates 2001:db8:6464::c000:201 from that and just directly opens an IPv6 socket to talk to 2001:db8:6464::c000:201. This effectively skips one step of translation. Beyond 'skipping a translation step', hence reducing the need for state-keeping in the kernel doing said translation', the advantage is that this is a much more straight forward way of configuring things on a host that generally does not do XLAT, e.g., a recursive DNS server run by a provider, i.e., not a client/stub behind XLAT for anything but the service (i mean; what is there? Management and getting packages from an ideally local mirror). This is basically also described here: https://www.ietf.org/archive/id/draft-ietf-v6ops-ipv6-only-resolver-00.html (Expired, hence touched upon in the -bis) Unbound actually already implements this feature: https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound.conf.html#unbound-conf-nat64 And I am running 2a06:d1c7:: as a (semi public cause rate limited but usually works good enough) public resolver using that feature. > The DNS is an application that deals with IP literals. CLAT is > the correct mechanism to deal with this with XLAT as is B4 with > DS-Lite. See above; I would argue, though, that the benefit of 'skip one additional translation step and state keeping' still outweighs things here. With best regards, Tobias -- Dr.-Ing. Tobias Fiebig T +31 616 80 98 99 M [email protected] Pronouns: he/him/his _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
