Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Westar — Wed, 26 Dec 2012 10:54:18 GMT

If the IPV4 address is in DMZ, is there any special configurations needed to access this website using DirectAccess? I am able to access internal website successfully.

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

yahya — Sat, 10 Mar 2012 06:46:55 GMT

To All.

How to i get this application???

i need it.

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Dave Ryan — Fri, 17 Feb 2012 20:36:46 GMT

Could an NT service using IPv4 on the DirectAccess Client be able to talk to a IPv4 application on the domain or would the application have to be re-written in IPv6?

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Boudewijn — Fri, 17 Feb 2012 10:40:50 GMT

With DA hosted by UAG. Are you not able to ping or reach and IPv4 IP Address directly?

(with this question I mean that you don't use a DNS name)

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Mario — Thu, 20 Oct 2011 02:38:28 GMT

If an ISATAP entry is not created in DNS, is it safe to assume that all requests will be resolved as NAT64 addresses?

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Patrick — Mon, 22 Aug 2011 18:43:41 GMT

Thanks Tom!

Does NAT64/DNS64 on UAG perform any caching? We did a DR test recently where an IPv4 address had to be changed (It points to a non-IPv6 load balancer, so no AAAA record). Even though an NSLookup instantly replied with the correct IPv4 address, it seemed to take a while before DA started sending traffic to the new IPv4 address.

If it does cache the IPv4 address, is there a way to configure the TTL, or manually flush the cache?

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Thomas W Shinder - MSFT — Mon, 21 Mar 2011 13:26:23 GMT

Hi Arun,

If you don't use the UAG DNS64 service, the server won't have a mapping for your IPv4 hosts on the intranet, and won't be able to create the NAT64 address for the intranet host. You would never use an external DNS server to resolve internal host names in a DirectAccess scenario.

HTH,

Tom

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Arun — Thu, 03 Mar 2011 07:13:02 GMT

Thanx Tom.

The DNS query from the client can be sent to any server. The client can be configured to used publicly available DNS servers instead of the DirectAccess DNS64.

In such case, the pre-defined prefix may be different and NAT64 will see an an IPv6 packet from which it is not able to identify if the IPv6 contains a mapped IPv4 address.

How do we handle such a case.

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Thomas W Shinder - MSFT — Wed, 05 Jan 2011 16:14:49 GMT

Hi Arun,

NAT64 works with DNS64. When the client sends a name query request, the DNS64 (which is a DNS proxy) services fowards the query to the DNS server. If the DNS server returns an IPv6 address (such as an ISATAP address) it will forward the IPv6 address to the DirectAccess client; if an IPv4 address were returned, the NAT64 service would convert the IPv4 address to an IPv6 address and return that to the DirectAccess client. The DirectAccess client then sends a request to that address, The NAT64 services on the UAG DirectAccess server sees the request to that IPv6 address and is aware that this address is mapped to an IPv4 address - it then NATs this to the IPv4 address forwards the connection to the IPv4 address of the destination host.

HTH,

Tom

re: Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

Arun — Wed, 05 Jan 2011 15:41:02 GMT

How does NAT64 know if the dst-address to which packet is sent is an IPv6 address or IPv6 address with embedded IPv4 addrs