What does anyone think about adding commented-out sections
dealing with nat and nat64/dns64 to examples/pf.conf and
unbound.conf?

Index: etc/examples/pf.conf
===================================================================
RCS file: /cvs/src/etc/examples/pf.conf,v
retrieving revision 1.2
diff -u -p -r1.2 pf.conf
--- etc/examples/pf.conf        18 May 2015 16:04:21 -0000      1.2
+++ etc/examples/pf.conf        12 Sep 2015 12:09:55 -0000
@@ -16,8 +16,14 @@ set skip on lo
 # anchor for relayd(8)
 #anchor "relayd/*"
 
+# network address translation for IPv4
+#match out on egress inet received-on any nat-to (egress:0)
+
 block return   # block stateless traffic
 pass           # establish keep-state
+
+# rules for NAT64, for use with unbound(8) dns64 module
+#pass in on !egress to 64:ff9b::/96 af-to inet from egress
 
 # rules for spamd(8)
 #table <spamd-white> persist
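Review bot: The NAT64 example `#pass in on !egress to 64:ff9b::/96 af-to inet from egress` uses a bare `egress`, which pf resolves to addresses once at ruleset load, whereas the NAT example above it uses the dynamic `(egress:0)`. On an uplink whose address changes (DHCP, PPPoE), the translation source would go stale until the ruleset is reloaded. If af-to accepts the parenthesised form as nat-to does, `af-to inet from (egress:0)` would keep the two examples consistent. Separately, `on !egress` matches every interface that is not in the egress group, so the comment line could say to narrow it to the internal interface, e.g. `# rules for NAT64 (restrict "on" to the LAN interface), for use with unbound(8) dns64 module`.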
Index: etc/unbound.conf
===================================================================
RCS file: /cvs/src/etc/unbound.conf,v
retrieving revision 1.5
diff -u -p -r1.5 unbound.conf
--- etc/unbound.conf    19 Jul 2015 17:29:42 -0000      1.5
+++ etc/unbound.conf    12 Sep 2015 12:08:15 -0000
@@ -37,6 +37,13 @@ server:
        #
        #tcp-upstream: yes
 
+       # DNS64 options, synthesizes AAAA records for hosts that don't have
+       # them. For use with NAT64 (PF "af-to").
+       #
+       #module-config: "dns64 validator iterator"
+       #dns64-prefix: 64:ff9b::/96     # well-known prefix (default)
+       #dns64-synthall: no
+
 remote-control:
        control-enable: yes
        control-use-cert: no
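Review bot: The new DNS64 comment block should mention that synthesized AAAA records are not DNSSEC-signed, so a client or downstream resolver that validates for itself cannot validate them. Only the checking done by this resolver on the original A data applies. A line such as `# Synthesized AAAA records are unsigned; clients that validate DNSSEC themselves will reject them.` above `#module-config` would cover it. It would also help to note next to `#dns64-synthall: no` that enabling it synthesizes AAAA records even for names that have real ones, which changes the address clients connect to. The `server:` section begins outside this hunk.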
