[141632] in North American Network Operators' Group
Re: Quick comparison of LSNs and NAT64
daemon@ATHENA.MIT.EDU (Jeff Hartley)
Thu Jun 9 18:39:23 2011
In-Reply-To: <20110609192333.GA9408@srv03.cluenet.de>
Date: Thu, 9 Jun 2011 18:39:18 -0400
From: Jeff Hartley <intensifysecurity@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Indeed. Unfortunately there's no good way to support v6-only clients in
> an environment, where dual stacked endpoints do exist as well, see
> RFC6147 (DNS64) ch. 6.3.2.
>
> We still need to find some solution to that problem.
>
We've been using two workarounds:
1. Separate DNS resolvers (both BIND 9.8; one DNS64 and the other
DNS6). Have the client provisioning system assign the appropriate DNS
server IPs (dual-stack to anycast set 1, v6-only to anycast set 2).
2. Use range-specific views to determine whether or not to apply DNS64
(this setup isn't standard BIND, though).
One is a kludge, and the other is vendor-specific, but they work.
-Jeff
