Nick, the solution to this is to do DNS64 in the validator. If the validator is a stub resolver, do the DNS64 hack there. AFAIK the technology to support this already exists.
> On Feb 22, 2017, at 7:23 AM, Heatley, Nick <[email protected]> wrote: > > Post exhaustion, the majority of cellular networks and some public wifi > networks will use DNS64. > DNSSEC and DNS64 do not get along. DNSSEC for “A records only” is broken. > Is this the reason why all content must go v6? > Or is the case for DNSSEC still questionable? > Or do end hosts need to perform DNS64 so “DNSSEC for A records only” can be > intact? > > NOTICE AND DISCLAIMER > This email contains BT information, which may be privileged or confidential. > It's meant only for the individual(s) or entity named above. > If you're not the intended recipient, note that disclosing, copying, > distributing or using this information is prohibited. > If you've received this email in error, please let me know immediately on the > email address above. Thank you. > > We monitor our email system, and may record your emails. > > EE Limited > Registered office:Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 > 9BW > Registered in England no: 02382161 > > EE Limited is a wholly owned subsidiary of: > > British Telecommunications plc > Registered office: 81 Newgate Street London EC1A 7AJ > Registered in England no: 1800000 > > _______________________________________________ > sunset4 mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/sunset4 > <https://www.ietf.org/mailman/listinfo/sunset4>
_______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
