Yoav Nir <ynir.i...@gmail.com> wrote:
> To get this working, the DNS64 should be on the remote tunnel endpoint
> or behind it. And this will require that it has an IPv6 address and
> knows to do the NAT64 translation in cooperation with the tunnel
> endpoint. I guess this vendor’s IPsec implementation doesn’t do all
> that. Neither does my employer’s.

So, I think that you are saying that if the client does DNS through the tunnel, then the HQ's DNS servers have to do DNS64 synthesis?

I guess people need to do DNS through the tunnel because of needing to resolve internal addresses. It's the whole MIF/split-horizon DNS problem, and I think it's all a bad IPv4-specific idea, and we should be trying to kill it. In an IPv6 world, we have better ways to build walled gardens.

--
Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-

_______________________________________________
sunset4 mailing list
sunset4@ietf.org
https://www.ietf.org/mailman/listinfo/sunset4