Hi, > Op 22 feb. 2017, om 17:35 heeft Ted Lemon <[email protected]> het volgende > geschreven: > > On Feb 22, 2017, at 9:36 AM, Mark Andrews <[email protected]> wrote: >> DNS64 really should just be made historic. It does not work with >> DNSSEC. There has NEVER been a NEED for NAT64 or DNS64. They >> provides NO BENEFIT over other methods. Every proported benefit >> turns out not to exist. > > (A) I find NAT64 to be a very convenient solution, and best of all it tests > IPv6 functionality in apps, so I know which apps will not work on a v6-only > network. > (B) DNS64 works _fine_ with DNSSEC as long as you do the DNS64 translation > _after you validate_.
This. I have tested different implementations and used others that work like this, and it works fine. I'm at Cisco Live in Berlin and I have been behind a DNSSEC validating NAT64 resolver the whole week (thanks to Jan Žorž for providing it!). Cheers, Sander
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ sunset4 mailing list [email protected] https://www.ietf.org/mailman/listinfo/sunset4
