Wednesday, April 17, 2013

[DirectAccess] DNS64?

DNS64?

The DNS64 service is a set of DNS extensions that works alongside NAT between an IPv6 client and an IPv4 server. DNS64 is described in RFC 6147; here, the DirectAccess gateway hosts this service.


How does it work (on Forefront UAG)?

To find the IPv6 address of a corporate resource that only has an IPv4 address, the following steps are performed:
  1. The DirectAccess client sends an AAAA DNS request (IPv6 resource) for the server, myserver.security.lab in our sample, to the DirectAccess gateway.
  2. The DirectAccess gateway forwards the request to its main DNS server, which responds that no IPv6 record exists for this name.
  3. In this case, the DirectAccess gateway asks for the same resource again, this time with an A request (IPv4 resource) for the same server, myserver.security.lab.
  4. The DNS server replies to the DirectAccess gateway with the entry 192.168.10.20 for the A record corresponding to myserver.security.lab.
  5. Finally, the DNS64 service replies to the DirectAccess client with a DNS AAAA reply built from the information contained in the A record. The IPv6 address is built by adding the NAT64 prefix to the server's IPv4 address, giving NAT64prefix::192.168.10.20 for the record myserver.security.lab.
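
The five steps above as an added example (not code from the original post or from Microsoft): a Python model of the gateway-side lookup and of the address synthesis in step 5. It goes beyond the /96 case in the text by handling every RFC 6052 prefix length and by mapping a synthesized address back to its IPv4 server, which helps when reading gateway logs. The names `ZONE`, `synthesize`, `dns64_resolve` and `embedded_ipv4` are hypothetical, and the well-known prefix `64:ff9b::/96` stands in for the deployment's own NAT64 prefix.

```python
import ipaddress

# Stand-in prefix (assumption): the RFC 6052 well-known prefix. A DirectAccess
# deployment has its own NAT64 prefix, which the page does not give.
NAT64_PREFIX = "64:ff9b::/96"

# Constructed sample zone: the corporate DNS holds only an A record.
ZONE = {("myserver.security.lab", "A"): ["192.168.10.20"]}


def synthesize(ipv4, prefix=NAT64_PREFIX):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052, section 2.2)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    v4 = int(ipaddress.IPv4Address(ipv4))
    if net.prefixlen == 96:
        suffix = v4
    else:
        # Bits 64..71 (the "u" octet) stay zero, so for shorter prefixes
        # the IPv4 bits are split around that octet.
        tail_bits = net.prefixlen - 32          # IPv4 bits placed after "u"
        head = v4 >> tail_bits
        tail = v4 & ((1 << tail_bits) - 1)
        suffix = (head << 64) | (tail << (56 - tail_bits))
    return ipaddress.IPv6Address(int(net.network_address) | suffix)


def dns64_resolve(name, zone=ZONE, prefix=NAT64_PREFIX):
    """Steps 1-5: answer with a native AAAA if present, else A plus prefix."""
    native = zone.get((name, "AAAA"), [])
    if native:
        return [ipaddress.IPv6Address(a) for a in native]
    return [synthesize(a, prefix) for a in zone.get((name, "A"), [])]


def embedded_ipv4(ipv6, prefix=NAT64_PREFIX):
    """Reverse mapping for a /96 prefix; None if the address is not synthesized."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen != 96 or addr not in net:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
```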

How does it work (on Windows 2012 URA)?

You will find a detailed explanation in the article "DNS64 behavior change in Windows Server 2012", written by Benoît Sautière.
