NAT64 health daemon

This daemon monitors the health of a selection of NAT64 /96 prefixes and when needed it updates a BIND configuration such that at any time it contains 2-3 prefixes for BIND to use when synthesizing AAAA records.

The number of active prefixes at any given time was choosen to be 2-3 in order to keep the DNS response size under 512 bytes in most common cases and still allowing the client to do failover between different NAT64s in case one suffer from a problem which can only be detected by the client attempting end-to-end communication.

Example use cases

ISP want to run their access network (or possibly their entire network) as IPv6-only. The ISP makes deals with 2-3 transit providers to operate 2 NAT64 prefixes each for redundancy. ISP configures 3 DNS64 servers running BIND with each using this daemon to monitor all the NAT64 prefixes and update the local BIND instance with a selection of prefixes.
End user site is running a local network as IPv6-only and want a local DNS64 server to direct traffic to a redundant set of NAT64s. The NAT64s may be a combination of:
- A local NAT64 gateway connecting IPv6-only LAN to ISP with IPv4 support. Multiple such NAT64s connected to different ISPs is possible.
- A NAT64 provided by the ISP providing the IPv6 connectivity for this site.
- A public NAT64 operated by a third party.

Installation instructions

Download the source: hg clone https://v6tools.kasperd.dk/nat64health/
Change directory and build the code: cd nat64health ; make
Install the executables: sudo install health-daemon.py update-dns64 /usr/local/sbin
Create /etc/bind/nat64-prefixes with three or more NAT64 prefixes. It could for example look like this:
Edit /etc/bind/named.conf.options and inside the options section add the line: include "/var/lib/bind/dns64.conf";
Start the daemon:
Edit /etc/rc.local to add the command to start the daemon at boot.