Whhy on earth would anyone use the abomination that is NAT64/DNS64 (with forged, unsignable DNS replies) rather than simply assigning fake (private) IPv4's for ordinary NAT?
Conversation
This Tweet was deleted by the Tweet author. Learn more
Everyone using a domain registrar like Google Domains has DNSSEC by default and yet they won't have IPv6 by default with many hosts like OVH. There's no reason it needs to take any effort to set it up if you aren't using alternate DNS. I don't think the probability is low at all.
It applies to several of my sites using OVH because I've found their IPv6 connectivity to be unreliable garbage and disabled it + removed AAAA records while deciding on a different host. I didn't implement DNSSEC, it's just there to start and is useful for CAA and mail security.
1
On the other hand, I did have to manually set up IPv6 by configuring it in my VMs and adding the extra DNS records. OVH ended up having garbage tier support for it dropping lots of new connections and their support hasn't taken it seriously so I had to roll that back...