As organizations transition toward IPv6-only infrastructure to meet strict compliance mandates and future-proof their networks, legacy IPv4-only DNS resolvers introduce significant complexity. When operating in dual-stack or strictly IPv6 environments, relying on an IPv4 resolver forces your network to use translation mechanisms like NAT64 and DNS64. This translation adds unnecessary processing overhead to DNS resolution and complicates your overall network architecture.

You can now use Advanced DNS Security Resolver in IPv6-only and dual-stack environments, enabling secure DNS resolution for organizations transitioning from IPv4 or operating under IPv6 compliance mandates. Advanced DNS Security Resolver now supports primary and secondary IPv6 Anycast addresses across all points of presence, processes DNS queries from both IPv4 and IPv6 clients simultaneously, and delivers the same threat detection and sinkholing capabilities regardless of IP version.

This capability addresses critical requirements for Federal agencies with IPv6 mandates, dual-stack network environments that use NAT64/DNS64 translation, service providers managing large-scale networks, and organizations transitioning to IPv6-only infrastructure for enhanced security and increased address space. You can configure IPv6 connection sources during Advanced DNS Security Resolver onboarding in Strata Cloud Manager with flexible prefix lengths ranging from /56 to /64, and automatically identify the source IP version of incoming queries and responds using the same protocol for seamless resolution.

All DNS Security logs, threat detection, sinkhole responses, and block pages work seamlessly with IPv6 traffic, providing the same level of protection you have with IPv4. Strata Logging Service captures source and destination IPv6 addresses in both benign and threat logs, enabling full visibility into your DNS traffic regardless of protocol version.