DNS64


DNS64 is a mechanism used in IPv6 networks to let IPv6-only clients communicate with IPv4-only servers. This is especially important during the ongoing transition from IPv4 to IPv6: the two protocols are not directly compatible, so mechanisms like DNS64 are essential for interoperability. In DDI Central, this is accomplished using the DNS option dns64. Configuring the dns64 option involves setting up a DNS server that can synthesize AAAA records (IPv6 addresses) from A records (IPv4 addresses) when no native AAAA records are available. This configuration is typically done on a DNS server that is designed to support DNS64 functionality.

DNS64 works by prefixing an IPv4 address with a specific IPv6 prefix. This prefix is usually a /96 prefix, which leaves room for the entire IPv4 address. A common prefix used is 64:ff9b::/96, but you can use a different one if required.
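The prefixing described above can be worked through in a few lines. This is an added example, not code from DDI Central or BIND: the function names are hypothetical, only /96 prefixes are handled, and the addresses in the test values are constructed from documentation ranges. The reverse mapping is included because it is what you need when a log shows a synthesized address and you want the IPv4 server behind it.

```python
import ipaddress

WELL_KNOWN_PREFIX = "64:ff9b::/96"   # the common prefix named above

def synthesize(ipv4, prefix=WELL_KNOWN_PREFIX):
    """Place the 32-bit IPv4 address in the low 32 bits left free by the /96 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("this example handles /96 prefixes only")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))

def embedded_ipv4(ipv6, prefix=WELL_KNOWN_PREFIX):
    """Recover the IPv4 address from a synthesized one; None if outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen != 96 or addr not in net:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def answer_aaaa(a_records, aaaa_records, prefix=WELL_KNOWN_PREFIX):
    """Resolver-side decision: native AAAA records win; otherwise synthesize from A.

    Returns (addresses, synthesized_flag).
    """
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records], False
    return [synthesize(r, prefix) for r in a_records], True
```
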

Example in ISC BIND format

    options {
        // other options...
        dns64 64:ff9b::/96 {
            clients { any; };
            // more specific configurations if needed
        };
    };

  • dns64 64:ff9b::/96 specifies the DNS64 prefix.
  • clients { any; }; indicates that DNS64 translation should be applied to requests from all clients. You can restrict this to certain clients or networks if necessary.
Configuring DNS64 in DDI Central

    To configure it, select DNS -> Config -> DNS Option.

    • On the DNS options page, click the Options drop-down box and search for the dns64 option.
    • The dns64 option appears with all its attributes. Fill in the values for each attribute and click

    Here are the attributes within the dns64 option:

    netprefix: This is the IPv6 prefix that is used to synthesize AAAA records. It's typically a /96 prefix, and the IPv4 address is appended to this prefix to create the IPv6 address in the synthesized AAAA record. Example value: dns64 64:ff9b::/96 { ... };

    break-dnssec: This attribute, when set, allows DNS64 to synthesize AAAA records even for DNSSEC-signed domains. This can potentially break DNSSEC validation, as the synthesized AAAA record does not actually exist in the DNS. Example value: break-dnssec yes;

    clients: Specifies the clients to which the DNS64 rule applies. You can define a match list of IP addresses or subnets from which clients are allowed to use DNS64. Example value: clients { any; };

    exclude: Used to define IP address ranges for which DNS64 should not synthesize AAAA records. This is useful for networks or hosts that are reachable over native IPv6. Example value: exclude { 2001:db8::/32; };

    recursive-only: When set to yes, DNS64 synthesis is performed only for recursive queries. It won’t synthesize records for authoritative answers. Example value: recursive-only yes;

    mapped: This attribute controls whether DNS64 synthesis is applied to domains that have both A and AAAA records. If set, it will synthesize AAAA records even if native AAAA records exist. Example value: mapped yes;

    suffix: This optional attribute specifies a suffix to append to the synthesized IPv6 address. It's rarely used as the default behavior (without a suffix) is generally preferred. Example value: suffix ::1;

    Each of these attributes fine-tunes the behavior of DNS64, allowing for customization based on specific network needs, especially in environments transitioning to IPv6 or operating in dual-stack (IPv4 and IPv6) scenarios. It's important to configure these settings carefully to ensure proper network functionality and to avoid unintended disruptions, particularly with regard to DNSSEC and native IPv6 connectivity.

    Click Save to see the dns64 option in effect.
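A small review script for the two attributes the descriptions above single out, break-dnssec and an unrestricted clients list, shown on a weak configuration beside a tighter one. This is an added example, not part of DDI Central or BIND: both configuration fragments are constructed, the function names are hypothetical, and the parser only understands the simple dns64 syntax shown on this page.

```python
import re

# Constructed named.conf fragments (not from a real server).
WEAK_CONF = """
options {
    dns64 64:ff9b::/96 {
        clients { any; };   // every client receives synthesized answers
        break-dnssec yes;
    };
};
"""
HARDENED_CONF = """
options {
    dns64 64:ff9b::/96 {
        clients { 2001:db8:64::/48; };   // constructed IPv6-only client range
        recursive-only yes;
    };
};
"""

def parse_dns64(conf):
    """Return {prefix: {attribute: value}} for each dns64 block in conf."""
    conf = re.sub(r"//[^\n]*", "", conf)              # drop // comments
    blocks = {}
    for m in re.finditer(r"\bdns64\s+(\S+)\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:                # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body, attrs = conf[m.end():i - 1], {}
        # List-valued attributes: name { item; item; };
        for name, items in re.findall(r"([\w-]+)\s*\{([^}]*)\}\s*;", body):
            attrs[name] = [s.strip() for s in items.split(";") if s.strip()]
        # Scalar attributes: name value;
        rest = re.sub(r"[\w-]+\s*\{[^}]*\}\s*;", "", body)
        for name, value in re.findall(r"([\w-]+)\s+([^;{}\s]+)\s*;", rest):
            attrs[name] = value
        blocks[m.group(1)] = attrs
    return blocks

def review_dns64(conf):
    """Flag the two settings the attribute descriptions above single out."""
    notes = []
    for prefix, attrs in parse_dns64(conf).items():
        if attrs.get("break-dnssec") == "yes":
            notes.append((prefix, "break-dnssec yes: synthesis also applies to DNSSEC-signed domains"))
        if attrs.get("clients") == ["any"]:
            notes.append((prefix, "clients { any; }: DNS64 is applied to every client"))
    return notes
```
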

