Feature #16615
[open] Omit NAT64 address for queries from the firewall itself
% Done: 100%
Plus Target Version: 26.03
Release Notes: Default
Description
Using DNS64 can result in the firewall itself trying to connect to a NAT64 address. For example:
[26.03-DEVELOPMENT][admin@gw]/root: ping6 github.com
PING(56=40+8+8 bytes) 2806:db8::1 --> 64:ff9b::8c52:7203
Doing NAT64 is not useful in this case since the firewall would already have an IPv4 address to reach the IPv4-only host. However, the firewall should still be allowed to connect to NAT64 addresses if another device is set up to do the NAT64 translation instead. Automatic unbound configuration should be generated when appropriate to omit NAT64 addresses for DNS queries from the firewall itself.
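A check for the behaviour described above, as an added example that is not part of the issue or the project's code: it tells whether an AAAA answer is a DNS64-synthesized address and recovers the IPv4 address embedded in it, so answers returned to the firewall itself can be audited. It goes beyond the /96 well-known prefix seen in the ping output to the other RFC 6052 prefix lengths; the function names are hypothetical and the answer list is constructed from the two addresses in the ping output.

```python
import ipaddress

WELL_KNOWN_PREFIX = "64:ff9b::/96"          # RFC 6052 well-known NAT64 prefix
RFC6052_LENGTHS = {32, 40, 48, 56, 64, 96}  # only these prefix lengths are defined


def embedded_ipv4(addr, prefix=WELL_KNOWN_PREFIX):
    """Return the IPv4 address embedded in addr, or None if addr is outside prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen not in RFC6052_LENGTHS:
        raise ValueError(f"not an RFC 6052 NAT64 prefix: {prefix}")
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in net:
        return None
    raw = ip.packed
    if net.prefixlen == 96:
        v4 = raw[12:16]                     # IPv4 occupies the last 32 bits
    else:
        # Bits 64..71 (byte 8, the "u" octet) are reserved and skipped,
        # so the IPv4 bits may straddle that byte for /40, /48 and /56.
        without_u = raw[:8] + raw[9:]
        start = net.prefixlen // 8
        v4 = without_u[start:start + 4]
    return ipaddress.IPv4Address(v4)


def synthesized_answers(answers, prefix=WELL_KNOWN_PREFIX):
    """Map each answer that lies inside the NAT64 prefix to its IPv4 target."""
    found = {}
    for answer in answers:
        v4 = embedded_ipv4(answer, prefix)
        if v4 is not None:
            found[answer] = v4
    return found


if __name__ == "__main__":
    # Constructed input: the destination and source addresses from the ping output.
    answers = ["64:ff9b::8c52:7203", "2806:db8::1"]
    for addr, v4 in synthesized_answers(answers).items():
        print(f"{addr} is a NAT64 address for {v4}")
```

An empty result for names resolved on the firewall itself, while LAN clients still receive addresses inside the prefix, matches the behaviour the issue asks for.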