Hi,
On Fri, Apr 10, 2026 at 09:56:54AM +0200, Philip Homburg wrote:
> > 3) If the people deploys DNSSEC together with IPv6,
> > DNS64 is not creating any trouble. It doesnt make sense to me that
> > DNSSEC is deployed without IPv6, right?
>
> Let me give you random popular site: slack.com.
>
> It does have DNSSEC, it doesn't have IPv6. Can we live if the real
> world please?
"it is signed" does not imply "an off-the-shelf client will do local
DNSSEC validation and fail on DNS64 replies"... but out of curiousity:
is there anyone defaulting to "validation on" in their stub resolvers?
[..]
> This is a very roundabout way of saying the DNS64 just doesn't work for
> hosts that do local DNSSEC validation.
This is correct, and well understood. The question is "is this relevant"?
And if this is relevant, will it excert enough pressure on major sites
like slack.com to add an IPv6 endpoint? It's 2026, after all... no
valid excuses anymore.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard,
Karin Schuler, Sebastian Cler
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: Dr. Frank Thiäner
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
