I am currently experimenting with running an IPv6-only WLAN at work, so I thought I'd try the same at home. Whereas at work we have a CSR1000v to perform the NAT64 and a separate Linux VM for DNS64, the config below combines both functions on a Raspberry Pi (RPi).
The topology looks like this:

apt-get install bind9 tayga
/etc/network/interfaces
allow-hotplug eth0
iface eth0 inet static
    address 10.10.64.64
    netmask 255.255.255.0
    gateway 10.10.64.1
iface eth0 inet6 static
    address 2001:470:1111:aaa1::64
    netmask 64
DNS64 is performed by the bind9 service. With the config below, if a user device requests an AAAA record and one does not exist, bind9 appends the IPv4 address to the defined 2001:470:1111:6464::/96 prefix. So querying raven.ecs.soton.ac.uk (152.78.70.1) actually returns 2001:470:1111:6464::984e:4601.
/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
    };
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { any; };
    allow-query { any; };
    dns64 2001:470:1111:6464::/96 {
        clients { any; };
    };
};
To ensure that DNS requests are handled by the server itself, point the resolver at the local host:
/etc/resolv.conf
nameserver 127.0.0.1
Tayga provides the NAT64 function. It listens for packets addressed to the prefix 2001:470:1111:6464::/96, takes the last 32 bits and converts them back into an IPv4 address. The IPv6 source address is mapped to an IPv4 address from the Tayga IPv4 pool. The connection is then forwarded via IPv4 using the IPv4 pool address as the source: NAT64.
The Tayga process also configures iptables to perform a masquerade of the pool address to the RPi’s eth0 interface.
/etc/tayga.conf
tun-device nat64
ipv4-addr 10.64.64.1
prefix 2001:470:1111:6464::/96
dynamic-pool 10.64.64.0/24
/etc/default/tayga
RUN="yes"
/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
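The address mapping that the bind9 DNS64 and Tayga NAT64 steps above both depend on, as an added example that is not part of the original post. It generalises from the page's /96 prefix to the other prefix lengths defined in RFC 6052; the function names are hypothetical.

```python
import ipaddress

# Prefix lengths allowed by RFC 6052; the page's prefix is a /96.
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

def _network(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net

def _v4_positions(prefixlen):
    """Byte offsets holding the IPv4 address; octet 8 (bits 64-71) is reserved."""
    positions, pos = [], prefixlen // 8
    while len(positions) < 4:
        if pos != 8:
            positions.append(pos)
        pos += 1
    return positions

def synthesize(prefix, ipv4):
    """DNS64 direction: embed an A record's address in the NAT64 prefix."""
    net = _network(prefix)
    out = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(ipv4).packed
    for pos, byte in zip(_v4_positions(net.prefixlen), v4):
        out[pos] = byte
    return ipaddress.IPv6Address(bytes(out))

def extract(prefix, ipv6):
    """NAT64 direction: recover the IPv4 destination from a translated address."""
    net = _network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}")
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[p] for p in _v4_positions(net.prefixlen)))

if __name__ == "__main__":
    PREFIX = "2001:470:1111:6464::/96"  # prefix from the page's bind9 and Tayga config
    mapped = synthesize(PREFIX, "152.78.70.1")  # raven.ecs.soton.ac.uk, as on the page
    print(mapped, "->", extract(PREFIX, mapped))
```

`extract` is handy when reading firewall or flow logs on the IPv6 side, where only the synthesized destination address is visible.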
You could configure the topology such that all traffic is routed via the RPi, but the configuration below ensures that only traffic destined for the NAT64 goes to the RPi.
1841 router
!
interface FastEthernet0/0
 ip address 10.10.64.1 255.255.255.0
 ip nat inside
 ipv6 address 2001:470:1111:AAA1::1/64
!
interface FastEthernet0/1
 ip address 10.10.10.100 255.255.255.0
 ip nat outside
!
ip nat pool outside_pool 10.10.10.32 10.10.10.64 prefix-length 24
ip nat inside source list inside_hosts interface FastEthernet0/1 overload
!
ip route 10.64.64.0 255.255.255.0 10.10.64.64
ipv6 route 2001:470:1111:6464::/96 2001:470:1111:AAA1::64
!
ip access-list standard inside_hosts
 permit 10.10.64.0 0.0.0.255
 deny any log
!