NAT64 health daemon
This daemon monitors the health of a selection of NAT64 /96 prefixes and,
when needed, updates a BIND configuration so that at any time it
contains 2-3 prefixes for BIND to use when synthesizing AAAA records.
The number of active prefixes at any given time was chosen to be 2-3
in order to keep the DNS response size under 512 bytes in most common
cases while still allowing the client to fail over between different
NAT64s in case one suffers from a problem which can only be detected by
the client attempting end-to-end communication.
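The size argument above can be checked with a short calculation. The following Python sketch is an added example, not part of the daemon; it assumes one synthesized AAAA record per (prefix, A record) pair, name compression in the answers, and no EDNS or additional records, and all prefixes and addresses are constructed documentation values.

```python
import ipaddress
import struct

UDP_LIMIT = 512  # classic DNS-over-UDP limit without EDNS

def synthesize(prefix, ipv4):
    """Embed an IPv4 address in a NAT64 /96 prefix (low 32 bits, RFC 6052)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(net.network_address) | v4)

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def dns64_response(name, a_records, prefixes):
    """Wire-format AAAA response; assumes one AAAA per (prefix, A) pair."""
    answers = [synthesize(p, a) for p in prefixes for a in a_records]
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 28, 1)  # AAAA, IN
    body = b""
    for addr in answers:
        # 0xC00C is a compression pointer to the question name at offset 12
        body += struct.pack("!HHHIH", 0xC00C, 28, 1, 300, 16) + addr.packed
    return header + question + body

def fits_udp(name, a_records, prefixes):
    """True if the response fits in a 512-byte UDP DNS message."""
    return len(dns64_response(name, a_records, prefixes)) <= UDP_LIMIT

# Constructed sample data (documentation ranges), not from the project.
PREFIXES = ["2001:db8:a::/96", "2001:db8:b::/96", "2001:db8:c::/96"]
A_RECORDS = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]

if __name__ == "__main__":
    for n in (2, 3, 6):
        prefixes = [f"2001:db8:{i:x}::/96" for i in range(1, n + 1)]
        size = len(dns64_response("www.example.com", A_RECORDS, prefixes))
        print(n, "prefixes:", size, "bytes, fits:", size <= UDP_LIMIT)
```

Under these assumptions each extra prefix adds 28 bytes per A record, so a name with four A records stays within 512 bytes at 3 prefixes but not at 6.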
Example use cases
- An ISP wants to run its access network (or possibly its entire
  network) as IPv6-only. The ISP makes deals with 2-3 transit
  providers to operate 2 NAT64 prefixes each for redundancy. The ISP
  configures 3 DNS64 servers running BIND, each using this daemon
  to monitor all the NAT64 prefixes and update the local BIND instance
  with a selection of prefixes.
- An end-user site is running a local network as IPv6-only and wants a
  local DNS64 server to direct traffic to a redundant set of NAT64s.
  The NAT64s may be a combination of:
  - A local NAT64 gateway connecting the IPv6-only LAN to an ISP with
    IPv4 support. Multiple such NAT64s connected to different ISPs
  - A NAT64 provided by the ISP providing the IPv6 connectivity for
  - A public NAT64 operated by a third party.
- Download the source: hg clone https://v6tools.kasperd.dk/nat64health/
- Change directory and build the code: cd nat64health ; make
- Install the executables: sudo install health-daemon.py update-dns64 /usr/local/sbin
- Create /etc/bind/nat64-prefixes with three or more NAT64 prefixes. It could for example look like this:
- Edit /etc/bind/named.conf.options and inside the options section add the line: include "/var/lib/bind/dns64.conf";
- Start the daemon:
  su -s /bin/sh - bind -c '/usr/local/sbin/health-daemon.py /etc/bind/nat64-prefixes -- /usr/local/sbin/update-dns64' &
- Edit /etc/rc.local to add the command to start the daemon at boot.