At the last meeting (disclaimer: I'm not running those resolvers any more), NAT64 and DNS-over-TLS worked independently of each other. DNS64 synthesis was applied if the query source IPv6 address was on the NAT64 network, regardless of the port/protocol the query came over. DNS-over-TLS (port 853) was available on all the service IPs of the resolvers, no matter which network you accessed them from. This was intentional so that opportunistic clients like Android 9 would automatically use them. There was a talk about it at the DNS working group at RIPE76: https://ripe76.ripe.net/archives/video/56/ Cheers, Colin On 16-05-19 21:15, Gert Doering wrote:
Hi,
On Thu, May 16, 2019 at 10:10:03AM +0200, Thomas Schäfer wrote:
Is it right, that I can use
https://ripe78.ripe.net/on-site/tech-info/ipv6-only-network/
or
https://ripe78.ripe.net/on-site/tech-info/dns-over-tls-resolvers/
but not both at the same time?
I would guess that the IPv6 resolvers would work, but won't give you DNS64 synthesis...
Since you have native v6 at home, it might just work :-) - I'll definitely test!
Gert Doering -- NetMaster