summaryrefslogtreecommitdiffstats
path: root/modules/dns64/README.rst
diff options
context:
space:
mode:
Diffstat (limited to 'modules/dns64/README.rst')
-rw-r--r--modules/dns64/README.rst28
1 files changed, 28 insertions, 0 deletions
diff --git a/modules/dns64/README.rst b/modules/dns64/README.rst
new file mode 100644
index 0000000..feceb1c
--- /dev/null
+++ b/modules/dns64/README.rst
@@ -0,0 +1,28 @@
+.. SPDX-License-Identifier: GPL-3.0-or-later
+
+.. _mod-dns64:
+
+DNS64
+=====
+
+The module for :rfc:`6147` DNS64 AAAA-from-A record synthesis, it is used to enable client-server communication between an IPv6-only client and an IPv4-only server. See the well written `introduction`_ in the PowerDNS documentation.
+If no address is passed (i.e. ``nil``), the well-known prefix ``64:ff9b::`` is used.
+
+.. warning:: The module currently won't work well with :func:`policy.STUB`.
+ Also, the IPv6 passed in configuration is assumed to be ``/96``, and
+ PTR synthesis and "exclusion prefixes" aren't implemented.
+
+.. tip:: The A record sub-requests will be DNSSEC secured, but the synthetic AAAA records can't be. Make sure the last mile between stub and resolver is secure to avoid spoofing.
+
+Example configuration
+---------------------
+
+.. code-block:: lua
+
+ -- Load the module with a NAT64 address
+ modules = { dns64 = 'fe80::21b:77ff:0:0' }
+ -- Reconfigure later
+ dns64.config('fe80::21b:aabb:0:0')
+
+
+.. _introduction: https://doc.powerdns.com/md/recursor/dns64
generated by cgit v1.2.3 (git 2.39.1) at 2024-08-24 15:02:51 +0000