BIND 9.8.0 Adds DNS64 Support - Part 1 - What is DNS64?
The Internet Systems Consortium (ISC) recently introduced BIND 9.8.0, a major release with several new features. I'd like to focus on DNS64 support, which is an IPv4-IPv6 co-existence feature that enables IPv6 hosts to connect to IPv4 destinations via a NAT64 (IPv6-to-IPv4 network address translator). DNS64 functions operate on a recursive server which attempts to resolve queries on behalf of its clients.
When a client issues a query for a AAAA (IPv6 address) record type for a particular destination host, the DNS server initially behaves normally, locating the authoritative server and issuing the query. If AAAA record(s) are returned, the servers passes this to the resolver client and a native IPv6 connection ensues. If no AAAA records are received, the DNS64 service performs an additional query for the same destination host though for the A (IPv4 address) record type. If a successful response is received, the DNS64 service concatenates the returned IPv4 address to a pre-defined IPv6 prefix to formulate an IPv6 address. This IPv6 address is returned as the answer to the original AAAA query from the resolver client, and it connects the client to the NAT64 gateway.
The NAT64 gateway is configured to listen for IPv6 packets on all addresses within the same pre-defined IPv6 prefix that the DNS64 service uses to append resolved IPv4 addresses. When the client host sends the IPv6 packet to initiate the connection to the resolved IPv6 address, the NAT64 gateway receives the packet and it knows to what IPv4 destination it is destined as appended. Hence the NAT64 device allocates an outgoing source IPv4 address and initiates a connection to the IPv4 destination. The NAT64 device interconnects the IPv6 session with the originating host with the IPv4 session to the destination host. Thus IPv6 hosts are able to communicate with IPv4 destinations! For more details including a timeflow diagram please see my recent white paper which includes discussion of DNS64.
When a client issues a query for a AAAA (IPv6 address) record type for a particular destination host, the DNS server initially behaves normally, locating the authoritative server and issuing the query. If AAAA record(s) are returned, the servers passes this to the resolver client and a native IPv6 connection ensues. If no AAAA records are received, the DNS64 service performs an additional query for the same destination host though for the A (IPv4 address) record type. If a successful response is received, the DNS64 service concatenates the returned IPv4 address to a pre-defined IPv6 prefix to formulate an IPv6 address. This IPv6 address is returned as the answer to the original AAAA query from the resolver client, and it connects the client to the NAT64 gateway.
The NAT64 gateway is configured to listen for IPv6 packets on all addresses within the same pre-defined IPv6 prefix that the DNS64 service uses to append resolved IPv4 addresses. When the client host sends the IPv6 packet to initiate the connection to the resolved IPv6 address, the NAT64 gateway receives the packet and it knows to what IPv4 destination it is destined as appended. Hence the NAT64 device allocates an outgoing source IPv4 address and initiates a connection to the IPv4 destination. The NAT64 device interconnects the IPv6 session with the originating host with the IPv4 session to the destination host. Thus IPv6 hosts are able to communicate with IPv4 destinations! For more details including a timeflow diagram please see my recent white paper which includes discussion of DNS64.
Comments
Post a Comment