On Sun, Dec 07, 2014 at 08:35:51AM +1100, Mark Andrews wrote: > get the DNS64 parameters securely for which there is no solution > today. You mean, "Get the Pref64 securely"? There is in fact a solution for that, and it is in RFC 7050. Moreover, it can be secured if the ISP is not using the WKP. So, if you're willing to do the DNS64 function yourself and your ISP isn't using the WKP, you can have secure answers. (For all that, if your ISP _is_ using the WKP, then you don't need to look it up securely.) > Can we just give up on DNS64 as a general solution to going IPv6 > only. I should hope so. It was never intended to be a general solution, and I think we who worked on it were crystal clear about that all along. Best regards, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxxxxx