Fortinet black logo

Handbook

Configuring DNS64

Configuring DNS64

The DNS64 configuration maps IPv4 addresses to AAAA queries when there are no AAAA records. This feature is optional. It can be used in network segments that use NAT64 to support IPv6 client communication with IPv4 backend servers.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have configured address objects that specify the network segments for which the DNS64 map applies. See Configuring an address group.
  • You must have Read-Write permission for Global Load Balance settings.

After you have created a DNS64 configuration, you can select it a DNS policy configuration.

To configure DNS64:
  1. Go to Global Load Balance > Zone Tools.
  2. Click the DNS64 tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in DNS64 configuration.

DNS64 configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference the name in the global DNS policy configuration.

After you initially save the configuration, you cannot edit the name.

IPv6 Prefix

IP address and netmask that specify the DNS64 prefix. Compatible IPv6 prefixes have lengths of 32, 40, 48, 56, 64 and 96 as per RFC 6052.

Each DNS64 configuration has one prefix. Multiple configurations can be defined.

Source Address

Select an address object. Only clients that match the source IP use the DNS64 lookup table.

Mapped Address

Select an address object that specifies the IPv4 addresses that are to be mapped in the corresponding A RR set.

Exclude

Select an address object. Allows specification of a list of IPv6 addresses that can be ignored. Typically, you exclude addresses that do have AAAA records.

Configuring DNS64

The DNS64 configuration maps IPv4 addresses to AAAA queries when there are no AAAA records. This feature is optional. It can be used in network segments that use NAT64 to support IPv6 client communication with IPv4 backend servers.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have configured address objects that specify the network segments for which the DNS64 map applies. See Configuring an address group.
  • You must have Read-Write permission for Global Load Balance settings.

After you have created a DNS64 configuration, you can select it a DNS policy configuration.

To configure DNS64:
  1. Go to Global Load Balance > Zone Tools.
  2. Click the DNS64 tab.
  3. Click Create New to display the configuration editor.
  4. Complete the configuration as described in DNS64 configuration.

DNS64 configuration

Settings Guidelines

Name

Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. You reference the name in the global DNS policy configuration.

After you initially save the configuration, you cannot edit the name.

IPv6 Prefix

IP address and netmask that specify the DNS64 prefix. Compatible IPv6 prefixes have lengths of 32, 40, 48, 56, 64 and 96 as per RFC 6052.

Each DNS64 configuration has one prefix. Multiple configurations can be defined.

Source Address

Select an address object. Only clients that match the source IP use the DNS64 lookup table.

Mapped Address

Select an address object that specifies the IPv4 addresses that are to be mapped in the corresponding A RR set.

Exclude

Select an address object. Allows specification of a list of IPv6 addresses that can be ignored. Typically, you exclude addresses that do have AAAA records.