Hi,
I'm running Knot Resolver 6.0.16 with DNS64 enabled for specific views (only when
queries come from certain IPv6 addresses, using the default 64:ff9b::/96 prefix). It works
perfectly for IPv4-only domains, but I need to force DNS64 synthesis for a specific domain
(security.ubuntu.com) that has native AAAA records.
My use case:
security.ubuntu.com has AAAA records, but Ubuntu's apt caching system is
often broken and tries to fall back to IPv4. On IPv6-only systems, this fails. I need to
force DNS64 to synthesize AAAA from A records for this specific domain, bypassing the
existing AAAA records.
What we've tried:
- Using policy.DENY to block AAAA queries → returns NXDOMAIN instead of NODATA, DNS64
doesn't trigger
- Creating custom actions to return NODATA → DNS64 never sees it because policy responses
bypass the DNS64 layer
- Manually creating A sub-queries with DNS64_MARK flag → causes assertion failures or the
original AAAA query resolves normally in parallel
- Using kres.YIELD → crashes with "assertion failed in answer_finalize"
The core issue: DNS64 only activates when it observes a genuine NODATA response from
upstream servers, but we can't seem to intercept and redirect AAAA queries through
DNS64's synthesis mechanism for specific domains.
Is there a supported way to:
1. Force DNS64 synthesis for specific domains even when AAAA records exist? Ideally from
the YAML config.
2. Call DNS64's synthesis function directly from Lua?
3. Or any other approach to achieve this?
Thanks in advance!