IPv6 NAT64 and DNS64

Are the functions NAT64 and DNS64 combined in one device?

Is the DNS64 in my network or on the Internet?

I have an IPv6 network and I want to reach a website. How does it work? Assume that NAT64 is performed by my firewall, and I am not sure how to deal with DNS64.

Rick Hobbs (RETIRED) Commented:
NAT64 and DNS64 can be on the same device, but are not required to be on the same device. They allow IPv6 devices to resolve and communicate with IPv4 devices. Check out this link for information on configuring them on a Windows server using Forefront UAG DirectAccess.

btan (Exec Consultant) Commented:
Both NAT64 and DNS64 can be performed within one device. You can check out application delivery controllers (ADCs) like F5 Networks LTM, Citrix NetScaler, A10, etc., and of course gateways such as MS UAG too.
They are used to retain existing addressing during the transition, and the ADC helps by being the middle man until both source and destination become IPv6. Not all servers are easily moved to IPv6 due to legacy apps.

The flow tends to be as follows, assuming this device is fronting your network, which is IPv6, and accessing another network, which is IPv4.

Suppose an IPv6 client is going to connect to www.testingipv6.net (fake, for illustration), which resides in an IPv4 network:
- First, the IPv6 client performs DNS resolution. The IPv6 client sends a DNS AAAA query to the ADC.
- The ADC transforms the AAAA query to an A query by the DNS64 iRule.
- The ADC forwards the A query from the previous step to the DNS pool in the IPv4 domain.
- The DNS server in the IPv4 domain replies to the ADC.
- The ADC performs the appropriate transformation, such as changing from A to AAAA query and changing the IPv4 address to an IPv6 address, before forwarding the DNS answer back to the IPv6 client.
- The ADC uses a fixed 96-bit prefix address concatenated with the 32-bit IPv4 address to form a new dynamic IPv6 address. This is performing the DNS64.
- Once the IPv6 client gets the answer to the AAAA query (as the IPv6 destination address), it opens a connection to the IPv6 destination address. Traffic to the IPv6 destination must be routed through the ADC.
- The ADC receives IPv6 traffic from the client, performs src and dst address translation, and forwards it to the IPv4 network. This is performing the NAT64.
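
The address arithmetic in the flow above, as an added example that is not part of the original thread or any vendor's iRule. It assumes the RFC 6052 well-known prefix `64:ff9b::/96` (the thread only says "fixed 96-bit prefix") and a documentation address standing in for the A record. It goes slightly beyond the post by passing existing AAAA answers through unchanged and by refusing to translate destinations outside the prefix.

```python
import ipaddress

# Assumption: RFC 6052 well-known prefix; a deployment may use its own /96.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")


def dns64_synthesize(a_records, aaaa_records=(), prefix=NAT64_PREFIX):
    """DNS64 side: build the AAAA answers handed back to the IPv6 client."""
    if prefix.prefixlen != 96:
        raise ValueError("this sketch only handles a 96-bit prefix")
    if aaaa_records:
        # The name already has native IPv6 addresses: no synthesis needed.
        return [ipaddress.IPv6Address(a) for a in aaaa_records]
    base = int(prefix.network_address)
    # 96-bit prefix in the high bits, 32-bit IPv4 address in the low bits.
    return [
        ipaddress.IPv6Address(base | int(ipaddress.IPv4Address(a)))
        for a in a_records
    ]


def nat64_destination(ipv6_dst, prefix=NAT64_PREFIX):
    """NAT64 side: recover the IPv4 destination, or None if not synthesized."""
    dst = ipaddress.IPv6Address(ipv6_dst)
    if dst not in prefix:
        return None  # outside the NAT64 prefix: route natively, do not translate
    return ipaddress.IPv4Address(int(dst) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed sample: 192.0.2.10 stands in for the A answer
    # the IPv4 DNS pool returns for www.testingipv6.net.
    answer = dns64_synthesize(["192.0.2.10"])[0]
    print("AAAA returned to client:", answer)
    print("IPv4 destination after NAT64:", nat64_destination(answer))
    print("Native IPv6 destination:", nat64_destination("2001:db8::1"))
```
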

leblanc (Accounting, Author) Commented:
Very good explanation.
Is the ADC NAT64 or DNS64 or both?
"by DNS64 iRule". Is this a server that will be doing this? Is this on the Internet or local to the host?
"step to DNS pool in IPv4 domain". This is on the Internet. Correct?

Rick Hobbs (RETIRED) Commented:
1. Both.
2. It is an application running on either a server, as in the MS UAG, or an appliance, as in the F5, NetScaler, and A10 products.
3. Can be the Internet or another network.

btan (Exec Consultant) Commented:
Both. Yes, it is in the F5 device iRule script in their LTM. It can sit behind your firewall or even in front of the FW. The IPv4 side can be the Internet as described. The ADC is just the forward proxy gateway out to the IPv4 land.

