DNS64 support

For those of us running IPv6-only networks via NAT64, it would be great to have a version of 1.1.1.1 (obviously the IPv6 version) that supports DNS64. There are other DNS competitors offering this service, and it would be awesome to have a privacy-oriented offering.

Cloudflare DNS now supports DNS64

dns64.Cloudflare-dns.com

Use the following IP addresses:

2606:4700:4700::64
2606:4700:4700::6400


Sorry for not responding sooner, but I really appreciate this. I saw your post and have been using the DNS64 servers daily.

Well, the thread is more than a year old, but for clarification, 1.1.1.1 supported IPv6 from the get-go and not only from December, as the response would suggest.

It supported IPv6, but DNS64 was either not supported or advertised. The DNS64 resolver IPv6 addresses are distinct from the IPv6 “normal” resolver addresses.

I made use of NAT64/DNS64 to support IPv6-only devices on a development network.

My bad, misunderstood the question.

Though I wonder, how can Cloudflare synthesise IPv6 addresses from an IPv4 one? That would mean Cloudflare offers such a gateway and tunnels all these requests through it, wouldn't it?

No problem!

DNS64 is really cool, but requires a router that supports NAT64 in order to do the IPv6 -> IPv4 translation.

Basically, if an IPv6-only client tries to connect to an IPv4-only server, the IP returned from a DNS64 resolver is in a reserved subnet in IPv6 form. When the client then tries to connect to this IPv6 address, the router performs NAT64 on the connection & sends the request out from the IPv4 egress interface of the router.

The combination of DNS64/NAT64 allows you to operate IPv6-only networks & still connect to IPv4 “legacy” servers.

It would be interesting if Cloudflare (and other DNS64 providers) could somehow support customising the prefix, so that you could use one of the publicly available NAT64 services.

Just for fun, I did just that, for DNS over HTTPS, in a worker:

Currently deployed here (but don’t overuse, or I’ll have to turn it off):
https://dns64.nunocruces.workers.dev/dns-query?prefix=2a00:1098:2b::&prefix=2a00:1098:2c::

It was just a fun hack, but passing in multiple prefixes from different providers gives a level of redundancy.
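
The address synthesis discussed in this thread, as an added example that is not the worker's code or anything posted by the participants: it embeds an IPv4 address in the low 32 bits of one or more /96 prefixes (the RFC 6052 layout) and recovers it again, which is handy when reading NAT64 addresses in logs. The function names are hypothetical, `192.0.2.33` is a constructed documentation address, and only /96 prefixes are handled.

```javascript
// Added example: RFC 6052 /96 synthesis. Names are hypothetical, inputs constructed.
// Expand an IPv6 string into eight 16-bit integers, handling "::" compression.
function expandIPv6(addr) {
  const parts = addr.split("::");
  const head = parts[0] ? parts[0].split(":") : [];
  const tail = parts[1] ? parts[1].split(":") : [];
  const fill = 8 - head.length - tail.length;
  const ok = parts.length === 1 ? fill === 0 : parts.length === 2 && fill >= 1;
  const groups = ok ? [...head, ...Array(fill).fill("0"), ...tail] : [];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g)))
    throw new Error("invalid IPv6: " + addr);
  return groups.map((g) => parseInt(g, 16));
}

// Format eight groups, compressing the longest run of two or more zero groups.
function formatIPv6(groups) {
  let start = -1, len = 0;
  for (let i = 0; i < 8; i++) {
    let j = i;
    while (j < 8 && groups[j] === 0) j++;
    if (j - i > len) { start = i; len = j - i; }
    if (j > i) i = j - 1;
  }
  const hex = groups.map((g) => g.toString(16));
  if (len < 2) return hex.join(":");
  return hex.slice(0, start).join(":") + "::" + hex.slice(start + len).join(":");
}

// Embed an IPv4 address in the low 32 bits of each /96 prefix (one AAAA per prefix).
function synthesize(ipv4, prefixes) {
  const parts = ipv4.split(".");
  if (parts.length !== 4 || !parts.every((s) => /^\d{1,3}$/.test(s) && Number(s) <= 255))
    throw new Error("invalid IPv4: " + ipv4);
  const o = parts.map(Number);
  return prefixes.map((prefix) => {
    const g = expandIPv6(prefix);
    if (g[6] !== 0 || g[7] !== 0) throw new Error("not a /96 prefix: " + prefix);
    g[6] = (o[0] << 8) | o[1];
    g[7] = (o[2] << 8) | o[3];
    return formatIPv6(g);
  });
}

// Recover the IPv4 address from a synthesized AAAA, or null if no prefix matches.
function extractIPv4(ipv6, prefixes) {
  const g = expandIPv6(ipv6);
  const hit = prefixes.some((p) => expandIPv6(p).slice(0, 6).every((v, i) => v === g[i]));
  return hit ? [g[6] >> 8, g[6] & 255, g[7] >> 8, g[7] & 255].join(".") : null;
}
```

Passing several prefixes to `synthesize` returns one candidate address per NAT64 provider, which is the redundancy the last post describes.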