Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: deags on August 19, 2016, 05:32:06 PM

Title: Are there any public NAT64 nodes?
Post by: deags on August 19, 2016, 05:32:06 PM
In this new day do these exist or have they all been ended (from what I can assume is abuse).
Title: Re: Are there any public NAT64 nodes?
Post by: aandaluz on August 23, 2016, 03:34:34 AM
a long time ago Andrews And Anorld Ltd had a dns64 gateway which was reacable from HE.net.  (2001:8b0:6464::1 and 2001:8b0:6464::2). I haven't checked lately if it still still operating for current tunnels:

http://aa.net.uk/kb-broadband-ipv6-nat64.html
Title: Re: Are there any public NAT64 nodes?
Post by: tjeske on April 13, 2019, 09:55:31 AM
There's still go6lab.si running since 2013. Works fine, albeit not the fastest. But perfect for testing, I'd say. Since they're using a public prefix, just set their DNS64 in your IPv6-only network as your DNS-resolver and you're good to go!

Though remember: all unencrypted traffic will pass their node unencrypted!
Title: Re: Are there any public NAT64 nodes?
Post by: kasperd on December 03, 2019, 03:00:30 PM
I don't know if the A&A NAT64 was a public NAT64 at some point. But these days it's not. Even for their own customers the NAT64 was not particular reliable, which I find a bit odd for an otherwise excellent ISP.

Of still operational public NAT64s I knew of only http://www.trex.fi/2011/dns64.html and https://go6lab.si/current-ipv6-tests/nat64dns64-public-test/ of which the TREX NAT64 was the most reliable even though it only had a single NAT64 prefix compared to the four which Go6lab has.

I eventually wrote a health checker that one can run along with a BIND DNS server to achieve redundancy across multiple NAT64 prefixes: https://v6tools.kasperd.dk/nat64health

Finally I took this futher and implemented my own public DNS64+NAT64 service: https://nat64.net/

Unlike the others I have redundancy across four geographical locations and two hosting providers. Each of my DNS64 health checks the NAT64 prefixes to ensure it's handing out AAAA records for NAT64s that are operational.

Unlike other NAT64 mine does not let you completely hide your real IPv6 address. I hope that will help prevent abuse. I also have a few other tricks up my sleeve to deal with abuse.
Title: Re: Are there any public NAT64 nodes?
Post by: rahulparekh on December 08, 2019, 05:10:31 AM
@Kasper Dupont - I am impressed with your public DNS64+NAT64 service! Thanks
Title: Re: Are there any public NAT64 nodes?
Post by: tjeske on December 10, 2019, 04:36:20 PM
Since a couple of weeks ago there's also nat64.tuxis.nl. At the moment only reachable via IPv6, but supports DoH and DoT so you can even set it on Android 9+ as Private-DNS.
Title: Re: Are there any public NAT64 nodes?
Post by: kasperd on December 12, 2019, 01:23:49 AM
Is DoH and DoT something which BIND on Ubuntu Sever 18.04 LTS can be configured to do? If it is, I'd happily support it on the DNS64 servers in my pool.

My searches so far have only lead to suggestions which involve an additional proxy layer and I suspect that would interfere with BIND's ability to choose a NAT64 close to the client.