How to connect to DNS64 servers if I only have an IPv4 WAN

Popular ISPs in my country used to provide a dual-stack PPPoE connection, until they turned off IPv6 for no reason recently. I was left with only an IPv4 address on the PPPoE interface.

I have a plan of converting my network to IPv6 only, and need to use NAT64/DNS64 to let LAN devices communicate with IPv4-only servers on the Internet. By reading the user guide, I know that I have to set the DNS address to some DNS64 server, Google's DNS64 for example:

  • 2001:4860:4860::6464
  • 2001:4860:4860::64


(sample image taken from Wikipedia)

The problem is that such addresses are obviously IPv6 ones, while I only have IPv4 on my PPPoE interface, so it is not possible to access these servers. You may ask why not just use dual-stack for LAN devices. Yes, I know that, but I want to ditch IPv4 on my local network for good, so that I do not have to maintain both versions.

Is there something else I can do?

I'm on mobile and would need to send you example config later... However...

If your router has enough disk space, then I would recommend using bind9, because the DNS64 is quick and easy to configure, and for NAT64 using https://www.jool.mx/en/run-nat64.html, but the last time I tried to compile it for OpenWrt it failed, and I have used it on a Debian machine...
And bird2 or radvd to advertise the DNS resolver via SLAAC.

1 Like

Why not just configure the IPv4 DNS servers on OpenWrt for the router itself (it should do this by default)? dnsmasq running on OpenWrt will in turn answer IPv6 requests coming from your LAN.

2 Likes

Is it possible using the default dnsmasq? Adding a prefix 64:ff9b::/96 sounds like a trivial function, but I neither know if dnsmasq supports it, nor how to configure it.

You're missing the point. DNS64 is for the following situation:

  • The ISP is IPv6 only, or it supports both families but you prefer to use IPv6.
  • You wish to access a site which is IPv4 only.

When a DNS64 DNS server looks up a name and finds the site is IPv4 only (no AAAA record exists), it converts the IPv4 IP to an IPv6 one by returning a synthetic AAAA record consisting of specialprefix::ipv4inbinary. The web browser etc. then tries to access this IPv6 site.

This depends on there being a special NAT64 machine upstream (after your IPv6-only connection) which will intercept specialprefix and not route it to the IPv6 Internet; instead it will strip off the last 32 bits as an IPv4 destination IP and NAT out a connection to the IPv4 Internet. The NAT64 is usually operated by the ISP, but in some cases the "well known prefix" 64:ff9b:: will find its way to a public NAT64 and be processed.

2 Likes
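The address mapping described in the post above, as an added example (not code from the thread or from any project it mentions). It goes beyond the /96 case to every prefix length RFC 6052 allows, and applies that RFC's rule that the well-known prefix 64:ff9b::/96 must not carry non-global IPv4 addresses; the function names are assumptions made for illustration.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # well-known prefix named in the thread
# Byte offsets of the four IPv4 octets inside the 16-byte IPv6 address, per
# RFC 6052 section 2.2. Byte 8 (the "u" octet) is skipped and must stay zero.
_OFFSETS = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
            56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}


def synthesize(prefix, ipv4):
    """DNS64 side: embed the IPv4 address from an A record into a NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    if net.prefixlen not in _OFFSETS:
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64 and /96")
    # RFC 6052 section 3.1: the well-known prefix must not represent non-global
    # IPv4 addresses (e.g. RFC 1918 space), so no AAAA is synthesized for them.
    if net == WKP and not v4.is_global:
        raise ValueError(f"{v4} is not global; refusing to map it into {WKP}")
    raw = bytearray(net.network_address.packed)
    for offset, octet in zip(_OFFSETS[net.prefixlen], v4.packed):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(prefix, ipv6):
    """NAT64 side: recover the IPv4 destination, or None if outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen not in _OFFSETS or addr not in net:
        return None  # not a translated address: route it as ordinary IPv6
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in _OFFSETS[net.prefixlen]))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    print(synthesize("64:ff9b::/96", "8.8.8.8"))
    print(extract("64:ff9b::/96", "64:ff9b::808:808"))
```

A locally operated NAT64 would normally use a network-specific prefix instead of the well-known one, in which case the non-global restriction does not apply and the same functions work with that prefix.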

That is not the situation I want to use DNS64 for, even if it is its main purpose. As described in the topic, I wanted to move my local network to IPv6-only, while I had an IPv4-only WAN connection. I will do whatever it takes to achieve it, as long as it is possible.

You will somehow need dual stack, like with he.net or another tunnel broker... And yes, if you have a dual-stack router you can set up DNS64/NAT64 by yourself for your local v6-only network.

2 Likes