Experimental NAT64/DNS64 Service

Raimundas Tuminauskas — 01 Jun 2011
The Lithuanian research and education network LITNET has introduced the NAT64/DNS64 service at the TERENA Networking Conference (TNC2010) last year, and it has been running ever since. The main feature of NAT64/DNS64 is that it can not only be used as a usual NAT, but as a meeting point between two networks. The service is open to anyone wishing to try an IPv6-only setup (subject to the compliance with our acceptable use policy).
Since IPv4 and IPv6 are not on-the-wire compatible, IPv4-only and IPv6-only hosts can not talk to each other without help. NAT64/DNS64 (as described in RFCs 6146 and RFC 6147 ) is a technique that enables the inter-working between the two different protocols and is based on the interception of DNS queries. The image in Figure 1 describes what happens in case an IPv6-only host wants to connect to an IPv4-only host: the DNS64 box creates an AAAA record based on the A record for the host it wants to connect to. The NAT64 box does a stateful translation of the actual connection from the IPv6-only host to the IPv4-only server.

NAT64/DNS image

Figure 1: NAT64/DNS64

To start using this service, you simply need to point your primary resolver to a DNS64 server address.

LITNET and Kaunas University of Technology have started a public NAT64/DNS64 service over a year ago to test the implementation and to see if it is actually useful. So far it has been used mainly for experiments with IPv6-only host accessing IPv4 networks, but the usage scenarios are not limited to this. It may be the ultimate tool that will enable silent and smooth transition to IPv6 without dual-stack. In the image below you can see traffic statistics as observed on our NAT64 server.

NAT64/DNS traffic statistics

Figure 2: Traffic Statistics observed on our NAT64 server

Detailed information about the service is available at:


