Actions
Feature #16534
closed
Omit reserved NAT64 addresses from DNS64 answers
Start date:
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
26.03
Release Notes:
Default
Description
We create default filter rules to prevent the NAT64 translation for reserved IPv4 addresses. For example, a request to 64:ff9b::a00:1 will not be translated to 10.0.0.1. These rules are required for RFC compliance. Though the translation itself is prevented, DNS64 replies with the translated reserved address. This results in unnecessary traffic and potential timeouts for the client. To resolve this, we can use the respip unbound module to omit these reserved addresses from the answer to client AAAA queries.
Related issues
Updated by Marcos M 2 months ago
- Status changed from New to Needs Patch
This needs addressed first: https://github.com/NLnetLabs/unbound/issues/1373
Updated by Marcos M about 1 month ago
- Status changed from Needs Patch to In Progress
- Target version changed from CE-Next to 2.9.0
- Plus Target Version changed from Plus-Next to 26.03
Updated by Marcos M about 1 month ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Applied in changeset c1a0168388cf765eb248e82b28ecbdf21c04964b.
Updated by Marcos M about 1 month ago
- Status changed from Feedback to Resolved
Tested working on latest build.
Updated by Marcos M 13 days ago
- Related to Feature #16615: Omit NAT64 address for queries from the firewall itself added
Actions