DNS64 does not synthesise if AAAA query fails but A query works

Query for internetbanken.privat.nordea.se. AAAA ends up with SERVFAIL because it is broken on the authoritative side, but query internetbanken.privat.nordea.se. A succeeds.

https://tools.ietf.org/html/rfc6147#section-5.1.2 seems to specify (using pretty convoluted language), that any failure in AAAA resolving should trigger A subquery and DNS64 synthesis.

This was reported during RIPE 78 meeting because some people were not able to reach their bank website.

I can see two problems with current DNS64 module (as in Knot Resolver 4.0.0):

Failed AAAA query does not trigger synthesis, e.g. if we get SERVFAIL. This should be easy to fix.
AAAA query which fails because of all NS servers do not respond for AAAA query will not call consume() layer in module, and thus DNS64 module does not get a chance to do A query and synthesis. This will be harder to fix.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Admin message

DNS64 does not synthesise if AAAA query fails but A query works