Configuring Google Public DNS64
If your system has no problems with the above Google Public DNS64 restrictions, you can perform the installation according to the instructions below, replacing the standard addresses with the following addresses:
- 2001: 4860: 4860 :: 6464
- 2001: 4860: 4860 :: 64
Not configuring any other IPv6 addresses by doing so will make DNS64 unreliable. If you also configure IPv4 Google Public DNS addresses (126.96.36.199 or 188.8.131.52), dual-stack servers may not receive aggregated AAAA records.
Some devices will use separate fields for all 8 parts of the IPv6 address and do not accept the abbreviated syntax :: IPv6 . For such schools, enter:
- 2001: 4860: 4860: 0: 0: 0: 0: 6464
- 2001: 4860: 4860: 0: 0: 0: 0: 64
Expand entry 0 to 0000 and entry 64 to 0064 if 4 hex digits are required.
Check DNS64 settings
You can perform the following check steps to verify that the DNS64 configuration is working.
Some NAT64 implementations are known to not work with Google Public DNS64:
MacOS X 10.11 and later versions combine with NAT64 / DNS64 but cannot overcome IPv6, preventing access to Google Public DNS64 resolution tools. It is only used to check IPv6-only devices when you only have IPv4 connections with the Internet and only works with DNS64 devices.
Cisco ASA 9.0 and later versions incorporate NAT64 but do not support the 64: ff9b :: / 96 prefix and require you to choose your own prefix. It does not perform DNS64 but checks and rewrites the NAT of DNS traffic passing through NAT64 ports.
IPv6-only devices behind the Cisco ASA can receive IPv4 connections with Google Public DNS by configuring the following addresses:
::0808:0808( 184.108.40.206 through Cisco ASA NAT64 )
::0808:0404( 220.127.116.11 through Cisco ASA NAT64 )
This will lead queries to Google Public DNS through Cisco ASA NAT64. With some additional Cisco ASA configurations, queries will be converted into query A and responses A are translated back to AAAA with the prefix configured.
Using both NAT64 addresses and Google Public DNS IPv6 (2001: 4860: 4860 :: 8888 or 2001: 4860: 4860 :: 8844) does not work, because negative feedback from either address will not be accessed problem. You must choose an IPv6 or IPv4 DNS resolution for all queries.