[Unbound-users] DNS-ALG/DNS64 question

Florian Weimer fw at deneb.enyo.de
Mon Oct 5 20:25:47 UTC 2009


* Simon Perreault:

> On Monday 05 October 2009 16:09:50 Florian Weimer wrote:
>> Why would you need DNS64 if you can make connections to IPv4 addresses
>> at the API level?  The kernel can tunnel/NAT it, no matter what API
>> calls you use.
>
> - Tunnel: the whole point of DNS64/NAT64 is to not assign IPv4 addresses to 
> the IPv6-only network.
>
> - NAT: uh?

NAT is just a very lightweight tunnel.

What I expect to happen is that the kernel performs the address
translation at the socket layer.  You send out an IPv4 UDP packet in
your application, and it gets send out as an IPv6 packet, with a
suitable IPv6 source address (whatever that is), destined to the NAT64
gateway (by apply a the DNS64 translation).  No IPv4 addresses are
required (except for the original destination).  The result is less
overall complexity, and perfect interoperability with DNSSEC.  The
cost is a small IPv4 stack change (which could presumably be
implemented as a packet filter rule if necessary).



More information about the Unbound-users mailing list