* Simon Perreault: > On Monday 05 October 2009 16:09:50 Florian Weimer wrote: >> Why would you need DNS64 if you can make connections to IPv4 addresses >> at the API level? The kernel can tunnel/NAT it, no matter what API >> calls you use. > > - Tunnel: the whole point of DNS64/NAT64 is to not assign IPv4 addresses to > the IPv6-only network. > > - NAT: uh? NAT is just a very lightweight tunnel. What I expect to happen is that the kernel performs the address translation at the socket layer. You send out an IPv4 UDP packet in your application, and it gets send out as an IPv6 packet, with a suitable IPv6 source address (whatever that is), destined to the NAT64 gateway (by apply a the DNS64 translation). No IPv4 addresses are required (except for the original destination). The result is less overall complexity, and perfect interoperability with DNSSEC. The cost is a small IPv4 stack change (which could presumably be implemented as a packet filter rule if necessary).