LinuxQuestions.org


Capetamaster 07-27-2015 10:38 PM

Bind DNS64
 
Hey guys!

I'm configuring an internal network, which is IPv6 only, and the external network is IPv4.

To do that I'm using Tayga to create the tunnel translation, and RADVD to act like DHCP for IPv6, but I don't know how I can get BIND to work as a DNS64.

Let me explain what I need. When a host tries to resolve a name (DNS), BIND can't answer with the real IPv6 address of the name; it needs to answer based on my local IPv6 range, using the translation to the IPv4 address.

It is already working when the site doesn't have an IPv6 address, but when it has one, the DNS resolves the real IPv6 address and, because I don't have a real IPv6 range on the external network, I'm not able to get access.


My network setup follows below:

ETH0 - 192.168.1.0/24 (Internet access)
ETH1 - Using TAYGA NAT64 tunnel ( IP 2001:db8:ca00:ffff::/96)

Bind (named.conf.options):

==
// If BIND logs error messages about the root key being expired,
auth-nxdomain no;
allow-recursion { 2001:db8:ca00:ffff::/96; 192.168.255.0/24; 127.0.0.1; };
#allow-recursion-on { any; };
listen-on-v6 { any; };
dns64 2001:db8:ca00:ffff::/96 {
    #recursive-only yes;
    clients { 192.168.255.0/24; 2001:db8:ca00::/64; 2001:db8:ca00:ffff::/96; 192.168.1.0/24; };
    break-dnssec yes;
    mapped { !10/8; any; };
    exclude { 2001:db8:ca00:ffff::/96; };
};


I don't know if I'm missing something in the BIND configuration, or if I need to look for something that blocks the AAAA answers from the external network.

Thanks guys, it's my first post, so... take it easy. :)

Capetamaster 08-02-2015 10:53 AM

Hey guys,

I have found the answer, using BIND.

When you configure BIND to use DNS64, you can put the command "EXCLUDE ( RangeIPV6YouWantToDenyTheAAAAAnswer;);"

Like me, I put ( ::1/0; ); and now it is working: every AAAA answer is blocked and forced to translate the A answer to my local IPv6 network.

Thanks guys, if you have any other problem, let me know.
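
The behaviour described in this thread, as an added example that is not part of the original posts and not BIND's own code: a simplified Python model of how the dns64 `exclude` and `mapped` lists decide between returning a native AAAA and synthesizing one from the A record. The prefix and ACL values come from the posts; the record addresses are constructed samples, and `::1/0` is read here as a /0 prefix covering all IPv6 addresses.

```python
import ipaddress as ip

# Values taken from the dns64 block in the first post.
PREFIX = ip.ip_network("2001:db8:ca00:ffff::/96")
MAPPED_DENY = [ip.ip_network("10.0.0.0/8")]          # mapped { !10/8; any; };
EXCLUDE_ORIGINAL = [ip.ip_network("2001:db8:ca00:ffff::/96")]
# Value reported in the second post; with a /0 mask the address bits are
# irrelevant, so it matches every IPv6 address (assumption of this model).
EXCLUDE_ALL = [ip.ip_network("::1/0", strict=False)]


def synthesize(a_record, prefix=PREFIX):
    """RFC 6052 /96 mapping: the IPv4 address fills the low 32 bits."""
    v4 = ip.IPv4Address(a_record)
    return ip.IPv6Address(int(prefix.network_address) | int(v4))


def dns64_answer(aaaa, a, exclude):
    """Return the AAAA answers a DNS64 resolver gives for one name.

    aaaa / a are the name's real records; exclude is the list of IPv6
    networks whose AAAA records are ignored.
    """
    kept = [ip.IPv6Address(r) for r in aaaa
            if not any(ip.IPv6Address(r) in net for net in exclude)]
    if kept:
        # At least one native AAAA survives the exclude list: no synthesis,
        # so an IPv6-only client behind NAT64 is sent to an unreachable address.
        return kept
    # All AAAA records were excluded (or none exist): synthesize from A,
    # skipping IPv4 addresses the mapped list rejects.
    return [synthesize(r) for r in a
            if not any(ip.IPv4Address(r) in net for net in MAPPED_DENY)]


if __name__ == "__main__":
    # Constructed dual-stack name (documentation address ranges).
    aaaa, a = ["2001:db8:1::10"], ["192.0.2.10"]
    print("original exclude:", dns64_answer(aaaa, a, EXCLUDE_ORIGINAL))
    print("exclude all     :", dns64_answer(aaaa, a, EXCLUDE_ALL))
```
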

