1The DNS64 code was written by Viagenie, 2009, by Simon Perrault as part 2of the Ecdysis project. The code is copyright by them, and has the BSD 3license (see the dns64/dns64.c file). 4 5To enable DNS64 functionality in Unbound, two directives in unbound.conf must 6be edited: 7 81. The "module-config" directive must start with "dns64". For example: 9 10 module-config: "dns64 validator iterator" 11 12If you're not using DNSSEC then you may remove "validator". 13 142. The "dns64-prefix" directive indicates your DNS64 prefix. For example: 15 16 dns64-prefix: 64:FF9B::/96 17 18The prefix must be a /96 or shorter. 19 20To test that things are working right, perform a query against Unbound for a 21domain name for which no AAAA record exists. You should see a AAAA record in 22the answer section. The corresponding IPv6 address will be inside the DNS64 23prefix. For example: 24 25 $ unbound -c unbound.conf 26 $ dig @localhost jazz-v4.viagenie.ca aaaa 27 [...] 28 ;; ANSWER SECTION: 29 jazz-v4.viagenie.ca. 86400 IN AAAA 64:ff9b::ce7b:1f02 30 31 32NAT64 support was added by David Lamparter in 2022; license(s) of the 33surrounding code apply. Note that NAT64 is closely related but functionally 34orthogonal to DNS64; it allows Unbound to send outgoing queries to IPv4-only 35servers over IPv6 through the configured NAT64 prefix. This allows running 36an Unbound instance on an IPv6-only host without breaking every single domain 37that only has IPv4 servers. Whether that Unbound instance also does DNS64 is 38an independent choice. 39 40To enable NAT64 in Unbound, add to unbound.conf's "server" section: 41 42 do-nat64: yes 43 44The NAT64 prefix defaults to the DNS64 prefix, which in turn defaults to the 45standard 64:FF9B::/96 prefix. You can reconfigure it with: 46 47 nat64-prefix: 64:FF9B::/96 48 49To test NAT64 operation, pick a domain that only has IPv4 reachability for its 50nameservers and try resolving any names in that domain. 51