DNS64 & nslookup
booloo at ucsc.edu
Wed Apr 11 22:49:31 UTC 2018
>> I'll give those tools a try, but I don't understand how my client is requesting
> an A record. It only has IPv6 networking. DNS64 should be requesting an
> A record, but that the client should see is the converted AAAA record. Is that
> not right?
> Nope-- DNS requests aren't going to convert an A record to a AAAA record.
> Normally, IPv6 only machines should request IPv6 AAAA records by preference,
I think he was saying this. If his machine is truly IPv6-only, then the
resolver would only perform AAAA lookups (I can't speak to what
nslookup would do). That AAAA lookup gets forwarded to the DNS64
box, which performs the A lookup (and finds no AAAA), and then returns
the synthesized AAAA record.
> and fall back to IPv4 A records only when IPv6 isn't available.
As far as I know, a host with on an IPv6 address is only ever
going to perform AAAA lookups. I'd be very interested to know
if there are cases where that isn't true.
> However, your IPv6-only machine will route IPv4 traffic using
> 6-in-4 or NAT64 addressing, otherwise you'd get broken
> connectivity to IPv4-only addresses.
Not that I'm saying anything you don't know, but that's the
purpose of DNS64 - to make sure you can reach IPv4 only
resources. But if your IPv6-only host is trying to reach an
IPv4 literal (e.g. embedded in a web page), then unless you
have a 464 CLAT available, you're out of luck.
More information about the bind-users