The option "Enable DNS64 Support" states:
```
If this option is set, Unbound will synthesize AAAA records from A records if no actual AAAA records are present.
```
However, it's not working anymore. I have a IPv6 only network (OPNSense is the only one with IPv6 for NAT64/DNS64). Before the upgrade, everything was working as expected with "Enable DNS64 Support" and "Enable AAAA-only mode" checked.
Now, querying any DNS will result in no AAAA. For instance:
```
drill AAAA github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27285
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com. IN AAAA
```
Note: Github.com doesn't have AAAA, but Unbound DNS fail to "synthesize AAAA records from A record".
https://github.com/opnsense/core/issues/10312
Thank you, running `opnsense-revert -r 26.1.7 unbound` worked. :D
Unbound devs have since commented but nothing concrete yet. I've asked again.
https://github.com/NLnetLabs/unbound/issues/1344#issuecomment-4541610132
Cheers,
Franco
The new unbound 1.25.1 seems to include some important security fixes. I didn't update it yet, due to this DNS64 bug.
Have any other alternative to Unbound DNS (with DNS64 support)?
Not that I know of.