26.1.8_5 - BUG: DNS64 not work anymore in Unbound DNS

inkeliz · May 27, 2026, 04:12:22 PM

The option "Enable DNS64 Support" states:
```
If this option is set, Unbound will synthesize AAAA records from A records if no actual AAAA records are present.
```

However, it's not working anymore. I have a IPv6 only network (OPNSense is the only one with IPv6 for NAT64/DNS64). Before the upgrade, everything was working as expected with "Enable DNS64 Support" and "Enable AAAA-only mode" checked.

Now, querying any DNS will result in no AAAA. For instance:
```
drill AAAA github.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 27285
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; github.com. IN AAAA
```

Note: Github.com doesn't have AAAA, but Unbound DNS fail to "synthesize AAAA records from A record".

Monviech (Cedrik) · May 27, 2026, 04:12:55 PM

https://github.com/opnsense/core/issues/10312

inkeliz · May 27, 2026, 04:25:37 PM

Thank you, running `opnsense-revert -r 26.1.7 unbound` worked. :D

franco · June 02, 2026, 04:39:45 PM

Unbound devs have since commented but nothing concrete yet. I've asked again.

https://github.com/NLnetLabs/unbound/issues/1344#issuecomment-4541610132

Cheers,
Franco

inkeliz

The new unbound 1.25.1 seems to include some important security fixes. I didn't update it yet, due to this DNS64 bug.

Have any other alternative to Unbound DNS (with DNS64 support)?

franco

Not that I know of.

26.1.8_5 - BUG: DNS64 not work anymore in Unbound DNS

inkeliz

May 27, 2026, 04:12:22 PM

Monviech (Cedrik)

May 27, 2026, 04:12:55 PM #1

inkeliz

May 27, 2026, 04:25:37 PM #2

franco

June 02, 2026, 04:39:45 PM #3

inkeliz

Today at 01:35:14 PM #4

franco

Today at 04:27:36 PM #5