Using NAT64 for IPv6 only DNS resolvers

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using NAT64 for IPv6 only DNS resolvers

Nico Schottelius

Good morning,

I was wondering whether it is possible to configure IPv6 only BIND
resolvers to make use of a NAT64 prefix for outgoing requests?

I.e. the following situation:

- Resolver = 2001:db8::1, IPv6 only
- NAT64 prefix = 2001:db8:1:c001::/96

Now if bind sees example.com NS a.b.c.d, can we make bind reach out to
2001:db8:1:c001::a.b.c.d instead of trying to open up an IPv4 connection
to a.b.c.d?

This would be very helpful, as we more and more have IPv6 only hosts,
which only have access to the Internet via NAT64.

Note: this is not the same problem as enabling DNS64 for *clients*,
but very similar.

Best regards,

Nico


--
Sustainable and modern Infrastructures by ungleich.ch
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: Using NAT64 for IPv6 only DNS resolvers

Mark Andrews
There is an open issue https://gitlab.isc.org/isc-projects/bind9/-/issues/608
and merge request https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/2166
to do this.

That said you should be asking your OS vendors why they are not providing/enabling
a CLAT implementation.  You could also look at using one of the other IPv4AAS (IPv4
as a service) solutions that doesn’t require manipulating the DNS, nor dual application
layer translation (e.g. DS-Lite, MAP-E).

Mark

> On 16 Mar 2021, at 01:24, Nico Schottelius <[hidden email]> wrote:
>
>
> Good morning,
>
> I was wondering whether it is possible to configure IPv6 only BIND
> resolvers to make use of a NAT64 prefix for outgoing requests?
>
> I.e. the following situation:
>
> - Resolver = 2001:db8::1, IPv6 only
> - NAT64 prefix = 2001:db8:1:c001::/96
>
> Now if bind sees example.com NS a.b.c.d, can we make bind reach out to
> 2001:db8:1:c001::a.b.c.d instead of trying to open up an IPv4 connection
> to a.b.c.d?
>
> This would be very helpful, as we more and more have IPv6 only hosts,
> which only have access to the Internet via NAT64.
>
> Note: this is not the same problem as enabling DNS64 for *clients*,
> but very similar.
>
> Best regards,
>
> Nico
>
>
> --
> Sustainable and modern Infrastructures by ungleich.ch
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users