On 2020-10-30 at 19:09 +0100, Philip Homburg wrote: > On 2020/10/30 18:38 , Phil Pennock wrote: > > On a laptop, you discover when roaming that suddenly you're on a network > > where the only DNS upstreams are doing 464XLAT and all DNSSEC > > verification breaks, so you need to be able to handle that _sometimes_ > > DNSSEC is just not viable. > > I'm confused. Why does 464XLAT break DNSSEC? The idea is that a DNSSEC
I've probably gotten confused about the different translation technologies: I haven't been an ISP sysadmin in decades and am rustier than I like to admit. It's whichever one ends up with all connectivity to the global IPv4 Internet being via IPv4-in-IPv6 addresses and all DNS is faked to only return AAAA records using the network operator's IPv6 prefix for such addresses. Sorry. -Phil _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
