Configuring DNS64 support - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


DNS64 must be configured in Address Manager to enable the DNS Server to synthesize AAAA records from A records.

To configure DNS64 support:

  1. Select the DNS tab in the sidebar, then select Views.
  2. Select the name of a view in the Views table or DNS tree.
  3. Select the DNS64 tab.
  4. Select New.
  5. Under General, configure the following parameters:
    • Prefix—enter an IPv6 network prefix. This is the IPv6 prefix used to synthesize IPv6 addresses from IPv4 addresses. In most cases you will want to specify a dedicated /64 network from your existing Global Unicast or Unique Local address spaces that isn't in use today. The prefix should match what's configured on the NAT64 server. NAT64 prefixes are restricted to /32s, /40s, /48s, /56s, /64s, or /96s.
    • Suffix—can be used to specify the bits trailing the IPv4 address bits in the mapped response. This is optional, and by default the bits are set to ::. If the prefix is a /96, a suffix is not needed and cannot be specified.
    • Recursive only—if selected, the DNS64 synthesis will only apply to recursive queries.
    • Break DNSSEC—if selected, the DNS64 synthesis will occur even if the DNSSEC validation fails.
  6. Under Clients, configure the following parameters:
    • Match type—indicates an address match list of clients for whom the service is provided. Select one of the following options from the drop-down menu. Selecting an option will change the client text field or drop-down menu.
      • IPv6 address or block—select to specify client IPv6 addresses or blocks for which you wish to enable DNS64. If selected, a text field will appear; enter the required IPv6 addresses or blocks, and then select the add (+) icon. If nothing is specified, DNS64 applies to all clients.
        Note: Due to a known issue with ISC’s named-checkconf tool, even if DNS validation is enabled on Address Manager, the Clients option in the DNS64 declaration won't get validated upon the DNS deployment to a managed BlueCat DNS Server.
      • TSIG key—select to specify clients using the matching TSIG key. If selected, a drop-down menu listing TSIG keys in Address Manager will appear. Select one or more TSIG keys and then select the add (+) icon.
      • ACL—select ACLs specifying clients. If selected, a drop-down menu listing pre-defined and customer ACLs in Address Manager will appear. Select one or more ACLs and then select the add (+) icon.
    • Exclude—select the checkbox to add an exclusion.
  7. Under Mapped, configure the following parameters:
    • Match type—indicates which IPv4 addresses within the A resource record set will be mapped to corresponding AAAA answers. Select one of the following options from the drop-down menu. Selecting an option will change the client text field or drop-down menu.
      • IPv4 address or block—select to specify the IPv4 addresses to be mapped in the corresponding A to AAAA records transition. In most cases, you will want to enable DNS64 for all addresses as you won't know ahead of time which IPv4 addresses will require mapping and which won't. If selected, a text field will appear; enter the required IPv4 addresses or blocks, and then select the add (+) icon. If nothing is specified, DNS64 maps all addresses.
      • ACL—select ACLs containing client IPv4 addresses that will be mapped. If selected, a drop-down menu listing pre-defined and customer ACLs in Address Manager will appear. Select one or more ACLs and then select the add (+) icon.
      • Exclude—select the checkbox to add an exclusion.
  8. Under Excluded, configure the following parameters:
    • Match type—defines which IPv6 clients will be excluded from the DNS64 service. Select one of the following options from the drop-down menu. Selecting an option will change the client text field or drop-down menu.
      • IPv6 address or block—specify a list of IPv6 addresses or networks that will be ignored if they appear in a domain name’s AAAA records. If selected, a text field will appear; enter the required IPv6 addresses or blocks, and then select the add (+) icon. If specified, DNS64 will be applied to any A records the domain name owns.
      • ACL—select ACLs containing client IPv6 addresses that will be ignored. If selected, a drop-down menu listing pre-defined and customer ACLs in Address Manager will appear. Select one or more ACLs and then select the add (+) icon.
    • Exclude—select the checkbox to add an exclusion.
  9. In the Change control section, add comments if required.
  10. Select Create.
  11. Deploy the configuration to the DNS server. For more information, refer to Manual deployment.
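
The Prefix and Suffix parameters in step 5 decide where the IPv4 address lands inside each synthesized AAAA answer. The following Python code is an added example, not BlueCat code: it assumes the DNS server uses the RFC 6052 address layout, and the function name synthesize_aaaa is hypothetical. Comparing its output with the addresses the NAT64 server translates is one way to confirm that both sides use the same prefix.

```python
import ipaddress

# Prefix lengths this page lists as valid for the DNS64/NAT64 prefix.
ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)


def synthesize_aaaa(prefix, ipv4, suffix="::"):
    """Return the AAAA address synthesized from one A record address.

    Assumed layout (RFC 6052): the IPv4 octets follow the prefix, skipping
    bits 64-71 (a reserved octet that stays zero); the suffix fills the tail.
    """
    net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not a valid DNS64 prefix length")
    out = bytearray(net.network_address.packed)
    if out[8] != 0:
        raise ValueError("bits 64-71 of the prefix must be zero")
    v4 = ipaddress.IPv4Address(ipv4).packed
    suf = ipaddress.IPv6Address(suffix).packed

    # Byte positions that receive the four IPv4 octets (octet 8 is skipped).
    start = net.prefixlen // 8
    slots = [i for i in range(start, 16) if i != 8][:4]
    reserved = set(range(start)) | set(slots) | {8}
    # The suffix may only set bits that trail the embedded IPv4 address,
    # which is why a /96 prefix leaves no room for one.
    if any(suf[i] for i in reserved):
        raise ValueError("suffix overlaps the prefix or the IPv4 bits")
    for i, octet in zip(slots, v4):
        out[i] = octet
    for i in range(16):
        if i not in reserved:
            out[i] = suf[i]
    return ipaddress.IPv6Address(bytes(out))


if __name__ == "__main__":
    # Constructed sample values from documentation address ranges.
    for p in ("2001:db8::/32", "2001:db8:122:344::/64", "64:ff9b::/96"):
        print(p, "->", synthesize_aaaa(p, "192.0.2.33"))
```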