DNS64 - BlueCat Integrity - 9.4.0

Address Manager Administration Guide


DNS64 is one of the transition mechanisms that enable the communication between IPv4 resources and IPv6-only hosts.

Many organizations have adopted IPv6 due to the scarcity of available IPv4 space. However, the majority of content and resources on the Internet remain IPv4-only and aren't directly accessible from IPv6-only systems, because the two protocols aren't compatible. This means that IPv4-only and IPv6-only hosts can't communicate with each other without a translation mechanism that maps one to the other.

When an IPv6-only device requests a AAAA record for a host that's IPv4-only, it would normally receive a failed response. Working in conjunction with a NAT64 gateway, DNS64 synthesizes a AAAA record based on the existing A record. It does this by converting the IPv4 address of the existing A record to a routable IPv6 address for the synthesized AAAA record.

The device then connects to the IPv6 address of the AAAA record returned by DNS64. All traffic for the synthesized IPv6 addresses is automatically redirected to the NAT64 gateway, which then converts the connection to the correct IPv4 address.

This is completely transparent to the end user and the device, allowing IPv6-only clients to communicate with IPv4 hosts.
Note: NAT64 translation is beyond the scope of this guide. For more information about NAT64, refer to RFC 6146, Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers.
The following diagram describes the steps involved for an IPv6-only client to communicate with an IPv4-only server using DNS64.

  1. An IPv6-only client sends a query for AAAA records to a recursive DNS server with DNS64 enabled.
  2. The recursive DNS server queries an external name server for AAAA records.
  3. The external name server responds with A records.
  4. The recursive DNS server uses DNS64 to synthesize a AAAA record and returns the AAAA record to the IPv6-only client.
  5. The client connects to the IPv6 address of the AAAA record and is directed to the NAT64 server.
  6. NAT64 translates the IPv6 address to an IPv4 address, using the same mechanism used to synthesize the IPv6 address of the AAAA record, but in reverse, and connects to the IPv4-only server.
    Note: Although DNS64 and NAT64 work together, the two mechanisms are completely separate. There's no shared state between these two – only a common translation mechanism. Both DNS64 and NAT64 must be configured to synthesize IPv6 addresses from IPv4 addresses using the same methods to ensure proper translation.
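
The requirement that DNS64 and NAT64 use the same translation method can be checked offline. The following is an added example, not code from this guide or from the product; it assumes the address format of RFC 6052 (which this guide does not name), and the prefixes, the sample address, and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: RFC 6052 embedding; the guide does not name the algorithm.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
ALLOWED_LENGTHS = (32, 40, 48, 56, 64, 96)

def _v4_positions(prefix):
    """Byte offsets that carry the IPv4 address; octet 8 is reserved (zero)."""
    if prefix.prefixlen not in ALLOWED_LENGTHS:
        raise ValueError(f"prefix length must be one of {ALLOWED_LENGTHS}")
    start = prefix.prefixlen // 8
    return [i for i in range(start, 16) if i != 8][:4]

def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """DNS64 side: build the AAAA address from an A record address."""
    out = bytearray(prefix.network_address.packed)
    for pos, byte in zip(_v4_positions(prefix), ipaddress.IPv4Address(ipv4).packed):
        out[pos] = byte
    return ipaddress.IPv6Address(bytes(out))

def extract(ipv6, prefix=WELL_KNOWN_PREFIX):
    """NAT64 side: recover the IPv4 destination, or None if outside the prefix."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[i] for i in _v4_positions(prefix)))

def check_pair(ipv4, dns64_prefix, nat64_prefix):
    """Return (synthesized AAAA, IPv4 the gateway would dial, consistent?)."""
    aaaa = synthesize(ipv4, dns64_prefix)
    dialed = extract(aaaa, nat64_prefix)
    return aaaa, dialed, dialed == ipaddress.IPv4Address(ipv4)

if __name__ == "__main__":
    net = ipaddress.IPv6Network
    cases = [  # constructed sample configurations
        (WELL_KNOWN_PREFIX, WELL_KNOWN_PREFIX),              # matching settings
        (WELL_KNOWN_PREFIX, net("2001:db8:64::/96")),        # different prefix
        (net("2001:db8:64::/96"), net("2001:db8:64::/64")),  # different length
    ]
    for dns64, nat64 in cases:
        print(dns64, nat64, *check_pair("192.0.2.33", dns64, nat64))
```

A different prefix means the gateway does not recognize the destination at all, while a different prefix length on the same prefix silently yields the wrong IPv4 address.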

In order to configure DNS64 support on a DNS Server, the following configuration has to be defined in Address Manager: DNS tab > DNS Views level > DNS64 tab > Add DNS64 Declaration page.