ipv6 nat64 and dns64

Posted on 2014-01-14
Medium Priority
Last Modified: 2014-01-30
Are the function nat64 and dns64 combined in one device?

Is the dns64 in my network or on the Internet?

I have an ipv6 network and I want to reach a website. How does it work? Assume that nat64 is performed by my firewall and I am not sure how to deal with dns64.

Question by:leblanc
  • 2
  • 2
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39783396
NAT64 and DNS64 can be on the same device, but are not required to be on the same device.  They allow IPV6 devices to resolve and communicate with IPV4 devices.  Check out this link for configuration information of them on a Windows server using Forefront UAG Directaccess.

LVL 66

Accepted Solution

btan earned 1000 total points
ID: 39784150
Both nat64 and dns64 can be performed within a device. You can check out the applications delivery controller (ADC) like f5 networks LTM, Citrix Netscalar and A10 etc and of course gateway such as MS UAG too.
They are used to retain existing addressing as transition and the ADC help to be the middle man till both source and dest becomes ipv6. Not all servers are easily going into ipv6 due to legacy apps.

The flow tends to be as follows assuming this device is fronting your network which is ipv6 and accessing another in ipv4 networks.

Suppose IPv6 client is going to connect to www.testingipv6.net (fake for illustration) which resides in IPv4 network
-First, IPv6 client performs DNS resolution. IPv6 client sends DNS AAAA query to ADC.
-ADC transforms AAAA to A query by DNS64 iRule
-ADC forwards A query from previous step to DNS pool in IPv4 domain
-DNS server in IPv4 domain replies to ADC
-ADC performs appropriate transformation such as changing from A to AAAA query and changing IPv4 address to IPv6 address before forwarding DNS answer back to IPv6 client.
-ADC uses fix 96-bit prefix address concatenate with 32-bit IPv4 address to form new dynamic IPv6 address. This will be performing the dns64.
-Once IPv6 client gets the answer to AAAA query (as IPv6 destination address). It opens connection to the IPv6 destination address. Traffic to the IPv6 destination must be routed through ADC
-ADC receives IPv6 traffic from client, perform src and dst address translation, and forwards to IPv4 network. This will be perfroming the nat64

Author Comment

ID: 39784402
Very good explanation.
Is ADC nat64 or dns64 or both?
"by DNS64 iRule". Is this a server that will be doing this? Is this on the Internet or local to the host?
"step to DNS pool in IPv4 domain". This is in the Internet. Correct?
LVL 22

Assisted Solution

by:Rick Hobbs
Rick Hobbs earned 1000 total points
ID: 39784411
1. Both.
2. It is an application running on either a server as in the MS UAG or an appliance  as in the F5, Netscaler, and A10 products.
3. Can be the Internet or another network.
LVL 66

Assisted Solution

btan earned 1000 total points
ID: 39784447
Both. Yes it is in F5 device iRule script in their LTM. it can sits behind your firewall or even even at front of FW. The ipv4 can be internet as described. ADC is just the forward proxy gateway out to the ipv4 land

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
If you try to migrate from Elastix to Issabel, you will face a lot of issues. These problems are inevitable but fortunately, you can fix them. In the guide below, I will explain how I performed the migration while keeping all data and successfully t…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question