[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: effect of v4 runout [Re: v6ops-nat64-pb-statement-req: DNSSEC requirement]
On 2008-07-28 18:48, Pekka Savola wrote:
> On Sun, 27 Jul 2008, Iljitsch van Beijnum wrote:
>> If you want to use DNSSEC and NAT64 together, either DNSSEC or DNS64
>> must be changed to be aware of the other.
>
> (This is a side note wrt the subject change..) Well, you could make the
> v6-hosts query A records, and synthethize themselves based on NAT64
> prefix information they have. Not sure if you count this in either of
> your categories above.
I think some of us have been calling this a "lying resolver" that
transforms A replies into AAAA replies. The resolver could extend its
lie, by validating the A reply and pretending that the synthetic AAAA
was validated.
However, that requires the IPv6 resolver to be modified, i.e. a
host modification.
Brian