DNS64 & nslookup

Mark Boolootian booloo at ucsc.edu
Wed Apr 11 22:49:31 UTC 2018

>> I'll give those tools a try, but I don't understand how my client is requesting
> an A record. It only has IPv6 networking. DNS64 should be requesting an
> A record, but that the client should see is the converted AAAA record. Is that
> not right?
> Nope-- DNS requests aren't going to convert an A record to a AAAA record.
> Normally, IPv6 only machines should request IPv6 AAAA records by preference,

I think he was saying this.  If his machine is truly IPv6-only, then the
resolver would only perform AAAA lookups (I can't speak to what
nslookup would do).  That AAAA lookup gets forwarded to the DNS64
box, which performs the A lookup (and finds no AAAA), and then returns
the synthesized AAAA record.

> and fall back to IPv4 A records only when IPv6 isn't available.

As far as I know, a host with on an IPv6 address is only ever
going to perform AAAA lookups.  I'd be very interested to know
if there are cases where that isn't true.

>  However, your   IPv6-only machine will route IPv4 traffic using
> 6-in-4 or NAT64 addressing,   otherwise you'd get broken
> connectivity to IPv4-only addresses.

Not that I'm saying anything you don't know, but that's the
purpose of DNS64 - to make sure you can reach IPv4 only
resources.  But if your IPv6-only host is trying to reach an
IPv4 literal (e.g. embedded in a web page), then unless you
have a 464 CLAT available, you're out of luck.


More information about the bind-users mailing list