cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11986
Views
0
Helpful
7
Replies

Implementation of NAT64 & DNS64

SASipraPK
Level 1
Level 1

I  have implementated IPv6-Only LAN (wired and Wireless) at our office, and enable the it to browse IPv6 and IPv4 web sites at sametime without any involvement host machine. This is done by  DNS64 and NAT64.

Implemenation details and configuration are attached.....

Comments and reviews are highly appreciated .....

regards

Sohail A Sipra

7 Replies 7

joyride_us2
Level 1
Level 1

Hi!

interesting and thanks for the doc. The book mentions DNS ALG and NAPT-PT...do you know if it is implemented on "standard" equipment ?

Thanks

According to my knowledge....there are two(2) commercial solution available .... one by Cisco (CGv6 blade for CRS-1 ) and other by Microsoft (Forefront UAG Direct Access).

Additionally, NAT64 is not simple NAT-PT, where it has variation, by which it extracts IPv4 from Synthesized-IPv6 (produce in result of DNS64 proccess).

Hi!

apparently the Cisco IOS has NAT-PT including DNS-ALG. This should work fine. The router will try a AAAA request first (to nowhere in my case) and an A request which will work. It will "encapsulate" the returned IPv4 address in an IPv6 packet back to the requester.

Any objection ?

hi,

     There is slight Difference between NAT-PT and NAT64, NAT64 is ment for to make IPv6 operate in IPv4 dominate Internet .... where NAT-PT is the technique is IPv4 operate in IPv6 dominate Word...

Following line of code of Cisco Device will help you to understand the difference in context...

!! any IPv6 packet with destination 2001::c0a8:28c8 will be translated to an IPv4 destination !!192.168.40.200

          ipv6 nat v4v6 source 192.168.40.200 2001::C0A8:28C8................................(A)

!! any IPv6 packet with IPv6 source address 2001:a:b:c:X with X=1,2,3 will be translated to an IPv4 source address 192.168.40.X with X=1,2,3 respectively.

          ipv6 nat v6v4 source 2001:A:B:C::1 192.168.40.1

          ipv6 nat v6v4 source 2001:A:B:C::2 192.168.40.2

          ipv6 nat v6v4 source 2001:A:B:C::3 192.168.40.3

     its not possible to add statements like  "A" for every network in the internet..... but yes you can do it in your LAB or can keep some portion of your datacenter on IPv4 and use NAT-PT to make it live with reset of your IPv6 Network.

"NAT-PT Transition method can be a good solution when IPv6 will be the predominant connectivity type with a need to connect to specific IPv4 nodes in their way to die out"

Regards,

dwing
Level 1
Level 1

FYI, BIND 9.8.0 includes DNS64 support, http://ftp.isc.org/isc/bind9/9.8.0/RELEASE-NOTES-BIND-9.8.html

Also, there isn't any need to use 64:ff9b, unless you want to.

It seems odd that you're getting a synthesized address for a supposedly IPv6-enabled domain in 4.7.1.1:

DNS Query of IPv6 Enable Domain
C:\Users\Latherio>nslookup
Default Server: UnKnown
Address: 2404:f400:1::2
> www.google.com
Server: UnKnown
Address: 2404:f400:1::2
Non-authoritative answer:
Name: www.l.google.com
Addresses: 64:ff9b::d155:e768  <<<<<<<<<<<<<<<
209.85.231.104
Aliases: www.google.com

A difficulty with www.google.com is that some DNS servers are whitelisted (such as Hurricane Electric's, last I checked), but most are not and won't return a AAAA.  Better to verify with a FQDN that is absolutely going to return AAAA, such as ipv6.google.com.

-Dan Wing

please i need help , with nat64/dns64.  I'm doing academic research on this technique , so please can anyone edentify the issues of this techqnique

Shri612
Level 1
Level 1

Which physical device are you using for NAT64  Is it A10 device?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: