How to generate authoritative DNS64 reverse zone

Mark Andrews marka at
Fri May 19 22:48:33 UTC 2017

In message <57bf558b-f4eb-f2e4-c27c-9447ff4dd8c1 at>, Aleksi Suhonen writes:
> Hello,
> Suppose that I have a NAT64 prefix 2001:67c:2b0:db32:0:1::/96 and a
> couple of DNS64 resolvers that use it. The resolvers will also generate
> nice CNAMEs that point to for that prefix. This is nice.
> But other resolvers in the world won't do that, so I'd need to have a
> real reverse zone for this fantastical NAT64 prefix for their benefit.
> But if I configure a DNS64 prefix on an authoritative server, it will
> start messing with my normal zones too, won't it?
> So how do I configure Bind9 to generate one authoritative DNS64 reverse
> zone that contains CNAMEs to, but otherwise not mess with
> anything?
> Yours,

You should delegate normally.
This will let everyone in the world find the CNAME records.  This
should be done even if you are just doing it for your recursive

If you don't want A to AAAA mappings to happen then turn off the
DNS64 mapping for everyone on the server.

        dns64 2001:67c:2b0:db32:0:1::/96 {
                clients { none; }


> -- 
>         Aleksi Suhonen / Axu TM Oy
>         Internetworking Consulting
>         Cellular: +358 44 975 6548
>         World Wide Web:
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list