[knot-resolver-users] Re: KNOT sharing cache or not for different instances (nat64 vs no nat64)

Hello, After simplifying to only one certificate for DoH and DoT (with an alt name for the dns64 domain), we were able to migrate to version 6.x with a single shared configuration, and it works quite well. It is a lot cleaner and clearer as well and the dst-subnet option in views is very useful :) We experienced a little bug with subnets in views though. With this type of configuration: (…) dns64: true views: - subnets: ['0.0.0.0/0', '::/0'] answer: refused - subnets: ['127.0.0.0/8', (more IPv4 subnets)] answer: allow options: dns64: false - subnets: ['::1/128', '2001:0db0::/31'] dst-subnet: 2001:0123:53::1 answer: allow options: dns64: false - subnets: ['::1/128', '2001:0db0::/31'] dst-subnet: 2001:0123:53::64 answer: allow (…) All queries received on a correct dst-subnet and sent from the subnet 2001:0db0::/31 were refused when they should have been allowed! However, we got this to work by splitting the /31 into two /32 in the config file: (…) dns64: true views: - subnets: ['0.0.0.0/0', '::/0'] answer: refused - subnets: ['127.0.0.0/8', (more IPv4 subnets)] answer: allow options: dns64: false - subnets: ['::1/128', '2001:0db0::/32’, '2001:0db1::/32'] dst-subnet: 2001:0123:53::1 answer: allow options: dns64: false - subnets: ['::1/128', '2001:0db0::/32’, '2001:0db1::/32'] dst-subnet: 2001:0123:53::64 answer: allow (…) Regards, --Bolemo