At the last meeting (disclaimer: I'm not running those resolvers any
more), NAT64 and DNS-over-TLS worked independently of each other.
DNS64 synthesis was applied if the query source IPv6 address was on the
NAT64 network, regardless of the port/protocol the query came over.
DNS-over-TLS (port 853) was available on all the service IPs of the
resolvers, no matter which network you accessed them from. This was
intentional so that opportunistic clients like Android 9 would
automatically use them.
There was a talk about it at the DNS working group at RIPE76:
https://ripe76.ripe.net/archives/video/56/
Cheers,
Colin
On 16-05-19 21:15, Gert Doering wrote:
Hi,
On Thu, May 16, 2019 at 10:10:03AM +0200, Thomas Schäfer wrote:
Is it right, that I can use
https://ripe78.ripe.net/on-site/tech-info/ipv6-only-network/
or
https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/
but not both at the same time?
I would guess that the IPv6 resolvers would work, but won't give
you DNS64 synthesis...
Since you have native v6 at home, it might just work :-) - I'll
definitely test!
Gert Doering
-- NetMaster
