> The DNS64 has to stuff the IPv4 bits somewhere in the IPv6 bits. > Although it's simpler to do that at a 32 bit boundary (and a 16 bit > boundary has checksumming advantages), as far as I know all of this > happens in software and can be handled fast enough even if the rules > get more complex to have decent performance on a normal DNS server > like machine.
The DNS64 does not have "to stuff the IPv4 bits somewhere in the IPv6 bits." It could also use mapping tables to map the IPv4 bits to arbitrary IPv6 bits. The mapping solution requires that the mapping tables be available to both NAT64 and DNS64, which is an engineering constraint. But it has two big advantages regarding privacy and security. DNS64 and NAT64 do not expose the IPv4 bits, which is a privacy bonus. NAT64 will not perform a reverse mapping unless there is an entry in the table, which is a security bonus. -- Christian Huitema -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
