On 10-Apr-26 07:17, Paul Vixie wrote:
On Thursday, April 9, 2026 12:12:12 PM PDT Philip Homburg wrote:
> > ...
>
> In my opinion we should strongly discourage deploying DNS64. So moving
> DNS64 to Internet Standard sends completely the wrong message.
I'm very torn on that, because like it or not DNS64 is stable, well-defined,
and widely implemented. (I'd also prefer to abolish the problem by abolishing
the distinction between Proposed Standard and Internet Standard, but that's
another story.)
so, i agree, but:
> DNS64 is incompatible with local DNSSEC validation. This combines the
> worst of both worlds: something doesn't work both because of DNSSEC and
> IPv6.
>
> New deployments of NAT64 should either use some kind of address synthesis
> in a library or deploy a CLAT.
I don't think there's much disagreement with that.
we should not need new deployments of v6/v4 transition technology almost 20
years after june 6 2006, and it's time for the IETF to occupy that position.
But we still do need co-existence for very practical reasons. That's why
v6ops is developing the IPv6-mostly approach in draft-ietf-v6ops-6mops,
which explicitly says:
"Those concerns make DNS64 a suboptimal and undesirable solution long-term.
To eliminate the needs for DNS64..." etc.
So we might end up with DNS64 completely meeting the requirements for
Internet Standard status and being operationally deprecated. Yes,
it's a paradox.
Brian
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
