diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
| commit | 3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch) | |
| tree | f87bd4a126b3a843858eb447e8fd5893c3ee3882 /modules/dns64/README.rst | |
| parent | Initial commit. (diff) | |
| download | knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.tar.xz knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.zip | |
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/dns64/README.rst')
| -rw-r--r-- | modules/dns64/README.rst | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst new file mode 100644 index 0000000..047443f --- /dev/null +++ b/modules/dns64/README.rst @@ -0,0 +1,26 @@ +.. _mod-dns64: + +DNS64 +----- + +The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation. +If no address is passed (i.e. ``nil``), the well-known prefix ``64:ff9b::`` is used. + +.. warning:: The module currently won't work well with :ref:`policy.STUB <mod-policy>`. + Also, the IPv6 passed in configuration is assumed to be ``/96``, and + PTR synthesis and "exclusion prefixes" aren't implemented. + +.. tip:: The A record sub-requests will be DNSSEC secured, but the synthetic AAAA records can't be. Make sure the last mile between stub and resolver is secure to avoid spoofing. + +Example configuration +^^^^^^^^^^^^^^^^^^^^^ + +.. code-block:: lua + + -- Load the module with a NAT64 address + modules = { dns64 = 'fe80::21b:77ff:0:0' } + -- Reconfigure later + dns64.config('fe80::21b:aabb:0:0') + + +.. _introduction: https://doc.powerdns.com/md/recursor/dns64 |