Whhy on earth would anyone use the abomination that is NAT64/DNS64 (with forged, unsignable DNS replies) rather than simply assigning fake (private) IPv4's for ordinary NAT?
Conversation
This Tweet was deleted by the Tweet author. Learn more
Everyone using a domain registrar like Google Domains has DNSSEC by default and yet they won't have IPv6 by default with many hosts like OVH. There's no reason it needs to take any effort to set it up if you aren't using alternate DNS. I don't think the probability is low at all.
1
1
It applies to several of my sites using OVH because I've found their IPv6 connectivity to be unreliable garbage and disabled it + removed AAAA records while deciding on a different host. I didn't implement DNSSEC, it's just there to start and is useful for CAA and mail security.
1
This Tweet was deleted by the Tweet author. Learn more
The North America one in Quebec. It works fine a lot of the time but then ends up dropping new inbound and outbound connections with varying probability.