Quick comparison of LSNs and NAT64

Jeff Hartley intensifysecurity at gmail.com
Thu Jun 9 17:39:18 CDT 2011


> Indeed. Unfortunately there's no good way to support v6-only clients in
> an environment, where dual stacked endpoints do exist as well, see
> RFC6147 (DNS64) ch. 6.3.2.
>
> We still need to find some solution to that problem.
>

We've been using two workarounds:
1. Separate DNS resolvers (both BIND 9.8; one DNS64 and the other
DNS6).  Have the client provisioning system assign the appropriate DNS
server IPs (dual-stack to anycast set 1, v6-only to anycast set 2).
2. Use range-specific views to determine whether or not to apply DNS64
(this setup isn't standard BIND, though).

One is a kludge, and the other is vendor-specific, but they work.
-Jeff




More information about the NANOG mailing list