In message <[email protected]>, Ted Lemon writes: > > On Feb 22, 2017, at 9:36 AM, Mark Andrews <[email protected]> wrote: > > DNS64 really should just be made historic. It does not work with > > DNSSEC. There has NEVER been a NEED for NAT64 or DNS64. They > > provides NO BENEFIT over other methods. Every proported benefit > > turns out not to exist. > > (A) I find NAT64 to be a very convenient solution, and best of all it = > tests IPv6 functionality in apps, so I know which apps will not work on = > a v6-only network. > (B) DNS64 works _fine_ with DNSSEC as long as you do the DNS64 = > translation _after you validate_.
And have managed to update EVERY DNSSEC validator in the DNS path from the DNS64 server to the final DNSSEC validator to do DNS64 prefix discovery and that you are willing to forego any other use of AAAA records other than to lookup host addresses. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
