🔄 IPv6 Transition 10 min read

NAT64 & DNS64: Bridging IPv6-Only Networks

How NAT64 and DNS64 work together to let IPv6-only clients access IPv4-only servers, enabling organizations to run IPv6-only networks.

The Problem

If your network is IPv6-only but the destination server only supports IPv4, how does communication happen? You cannot simply route an IPv6 packet to an IPv4 address.

NAT64 and DNS64 solve this by translating between the two protocols at the network edge.

How DNS64 Works

DNS64 is a modified DNS resolver that synthesizes AAAA records for domains that only have A records:

  1. Client queries DNS64 resolver for example.com AAAA.
  2. DNS64 checks — example.com has no AAAA record, only A record 93.184.216.34.
  3. DNS64 synthesizes: 64:ff9b::93.184.216.34 → 64:ff9b::5db8:d822.
  4. Client receives the synthesized AAAA record and connects to that IPv6 address.

The well-known prefix 64:ff9b::/96 is reserved for NAT64 translation (RFC 6052).

How NAT64 Works

The NAT64 gateway receives the IPv6 packet addressed to 64:ff9b::5db8:d822 and:

  1. Extracts the embedded IPv4 address (93.184.216.34) from the last 32 bits.
  2. Creates a new IPv4 packet with the NAT64 gateway's public IPv4 as the source.
  3. Forwards the packet to the IPv4 destination.
  4. Translates the IPv4 response back to IPv6 for the client.

IPv6 Client                NAT64 Gateway              IPv4 Server
    |                           |                          |
    |-- IPv6 to 64:ff9b::X --> |                          |
    |                           |-- IPv4 to X ----------->|
    |                           |<-- IPv4 response -------|
    |<-- IPv6 response --------|                          |
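
The address mapping from DNS64 step 3 and NAT64 step 1, as an added Python example (not code from the original page or from any NAT64 implementation). It goes beyond the text in one respect: it applies the RFC 6052 rule that the well-known prefix must not represent non-global IPv4 addresses. The function names and sample destinations are constructed for illustration.

```python
import ipaddress
from typing import Optional

# Well-known NAT64 prefix named on the page (RFC 6052).
WKP = ipaddress.IPv6Network("64:ff9b::/96")


def synthesize_aaaa(a_record: str) -> ipaddress.IPv6Address:
    """DNS64 step 3: place the 32-bit IPv4 address in the low bits of the /96."""
    v4 = ipaddress.IPv4Address(a_record)
    # RFC 6052 section 3.1: the well-known prefix must not represent
    # non-global IPv4 addresses (RFC 1918 space, loopback, and so on).
    if not v4.is_global:
        raise ValueError(f"{v4} is not global; refusing to synthesize under {WKP}")
    return ipaddress.IPv6Address(int(WKP.network_address) | int(v4))


def extract_ipv4(dst: str) -> Optional[ipaddress.IPv4Address]:
    """NAT64 step 1: recover the IPv4 address from the last 32 bits.

    Returns None when dst is not inside the NAT64 prefix.
    """
    v6 = ipaddress.IPv6Address(dst)
    if v6 not in WKP:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)


def gateway_decision(dst: str) -> str:
    """What a translator enforcing the RFC 6052 rule would do with dst."""
    v4 = extract_ipv4(dst)
    if v4 is None:
        return "not-nat64"
    return f"translate:{v4}" if v4.is_global else f"drop:{v4}"


# Constructed sample destinations, as they might appear in IPv6 flow logs.
SAMPLE_DSTS = ["64:ff9b::5db8:d822", "64:ff9b::a00:1", "2001:db8::1"]

if __name__ == "__main__":
    print(synthesize_aaaa("93.184.216.34"))
    for dst in SAMPLE_DSTS:
        print(dst, "->", gateway_decision(dst))
```

The same extract_ipv4 helper is useful when reading IPv6-side logs, where NAT64 destinations appear only in their synthesized form.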

Deployment Options

Solution       Type                    Use Case
Jool           Open source (Linux)     Self-hosted NAT64
Tayga          Open source (Linux)     Lightweight stateless NAT64
PREF64         Router advertisement    Mobile networks (RFC 8781)
Cloud NAT64    Managed service         AWS, GCP IPv6-only VPCs

Limitations

  • IP address literals — Applications using hardcoded IPv4 addresses (e.g., http://1.2.3.4/) bypass DNS64 and fail.
  • Protocol inspection — Protocols that embed IP addresses in payloads (FTP, SIP) need application-level gateways (ALGs).
  • Fragmentation — IPv6 headers are larger than IPv4, and the translation may trigger fragmentation issues.
  • Logging — The NAT64 gateway must maintain state for connection tracking, similar to NAT44.

464XLAT: Client-Side Solution

For mobile devices and applications that require a real IPv4 address, 464XLAT (RFC 6877) provides a client-side NAT46 translator (CLAT) that works with the network-side NAT64 (PLAT):

App (IPv4) → CLAT (NAT46 on device) → IPv6 network → PLAT (NAT64) → IPv4 internet

This is widely deployed by mobile carriers (T-Mobile, EE) running IPv6-only networks.
