Score:0

Windows DNS64 Server


As detailed on the MS Q&A site I have trouble implementing DNS64 on my Windows 2019 domain controllers / DNS servers. The PowerShell CmdLets run fine, but they don't do anything, I ran Set-NetDnsTransitionConfiguration -PrefixMapping "2001:db8:cafe:64::/96,0.0.0.0/0" -State Enabled and everything looks fine, but clients don't get AAAA records e.g. for azure.com and Get-NetDnsTransitionMonitoring shows 0s everywhere.
The PowerShell CmdLets are there, so I assume they are supposed to work. OTOH I recently found that on Windows that's not always the case :-(
An old post on TechNet (RIP) claimed that it worked on 2012R2, but the admin had DirectAccess installed. Which I normally wouldn't touch with a 10-foot pole, especially on a DC. But running BIND on my Linux routers is sub-optimal as well.
Are there no other Windows admins out there looking to go IPv6 native?

Michael Hampton
Yes, you have to have DirectAccess installed, but why do you insist on installing it on the domain controller? Most of the dinosaurs you're trying to communicate with probably can't even join the domain anyway.
OttoEisen
@MichaelHampton: I'm trying to go IPv6-native and the "dinosaurs" I'm trying to communicate with are out on the Internet, like StackExchange ;-) I have NAT64 on my router but you still need DNS64 and I've grown quite fond of the DNS Manager, also all my systems already use the DCs as DNS servers. So it would be nice to use them for DNS64 as well.
Michael Hampton
You keep saying "IPv6-native" but nothing prevents you from also using IPv4 to access sites on the Internet. Are you instead trying to set up an IPv6-_only_ network?! Most of us run dual stack.
OttoEisen
@MichaelHampton Yes, I mean IPv6-only. Getting tired of configuring everything twice... Right now I have configured 2 BIND servers as forwarders on my DCs and the idea is to go back to Windows DNS only.
Michael Hampton
I can see doing this as an experiment but we're probably at least 10 years away from this being a reasonable thing to do in most contexts. In the meantime you'll probably have to run NAT64/DNS64 on your DNS servers (not your DCs).
OttoEisen
@MichaelHampton: My DCs are my DNS servers: replication and secure dynamic updates are nice things to have. And for the 10 years: why, oh lord, why?? I have 3 (cellular) internet connections and only get a single public IPv4. And _that_ terminates on a CPE which does not even do port forwarding. Promote IPv6, please :-)
Michael Hampton
I am promoting IPv6! I've been using it since 2006! I am also realistic about it. I know there are many people and companies out there who will wait as long as possible to move. Realistically we'll be doing dual stack for a very long time, at least in production.
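An added check, not part of the original question or its comments: the script below applies the same prefix mapping the question used and then tests whether the server is really synthesizing DNS64 answers, rather than trusting that the cmdlet "ran fine". It resolves an IPv4-only name directly at the server, computes the AAAA address DNS64 should produce per RFC 6052 (the /96 prefix with the 32-bit IPv4 address in the last four bytes), and compares. The server name `dc1.corp.example`, the test name `ipv4only.example.net`, and the helper functions `Get-Dns64Address` and `ConvertTo-CanonicalIPv6` are assumptions for illustration; the prefix is the one from the question.

```powershell
# Added example (not from the original question or answer): check whether a
# Windows DNS server returns DNS64-synthesized AAAA records for an IPv4-only
# name, and whether those addresses follow RFC 6052 (configured /96 prefix
# followed by the IPv4 address in the last 32 bits).
# $Prefix, $Server and $Name are assumptions; substitute your own values.
# Run in an elevated session on the DNS server (Set-* needs admin rights).

$Prefix = '2001:db8:cafe:64::'       # NAT64/DNS64 prefix, /96 (same as in the question)
$Server = 'dc1.corp.example'         # DNS server under test (assumed name)
$Name   = 'ipv4only.example.net'     # a name with A records but no native AAAA (assumed)

# Synthesize the AAAA address DNS64 is expected to return for one IPv4 address:
# bytes 0-11 come from the /96 prefix, bytes 12-15 are the IPv4 address.
function Get-Dns64Address {
    param(
        [Parameter(Mandatory)][string]$Prefix96,
        [Parameter(Mandatory)][string]$IPv4
    )
    $bytes = [System.Net.IPAddress]::Parse($Prefix96).GetAddressBytes()   # 16 bytes
    $v4    = [System.Net.IPAddress]::Parse($IPv4).GetAddressBytes()       # 4 bytes
    [Array]::Copy($v4, 0, $bytes, 12, 4)
    return [System.Net.IPAddress]::new($bytes).IPAddressToString
}

# Normalize an IPv6 string so different spellings of one address compare equal.
function ConvertTo-CanonicalIPv6 {
    param([Parameter(Mandatory)][string]$Address)
    return [System.Net.IPAddress]::Parse($Address).IPAddressToString
}

# 1. Apply the same prefix mapping the question used, then show what the server reports.
Set-NetDnsTransitionConfiguration -PrefixMapping "$Prefix/96,0.0.0.0/0" -State Enabled
Get-NetDnsTransitionConfiguration | Format-List State, PrefixMapping

# 2. Query A and AAAA for the IPv4-only name at the server itself, bypassing the local cache.
$aRecords    = Resolve-DnsName -Name $Name -Type A    -Server $Server -DnsOnly -ErrorAction Stop |
               Where-Object Type -eq 'A'
$aaaaRecords = Resolve-DnsName -Name $Name -Type AAAA -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object Type -eq 'AAAA'

$expected = @($aRecords    | ForEach-Object { Get-Dns64Address -Prefix96 $Prefix -IPv4 $_.IPAddress })
$got      = @($aaaaRecords | ForEach-Object { ConvertTo-CanonicalIPv6 $_.IPAddress })

# 3. Report. No AAAA at all is the symptom from the question: the cmdlets accepted
#    the configuration, but nothing on the server is synthesizing answers.
if ($got.Count -eq 0) {
    Write-Warning "No AAAA answer for $Name from $Server - DNS64 is not synthesizing."
} else {
    $stray = $got | Where-Object { $_ -notin $expected }
    if ($stray) {
        Write-Warning ("AAAA answers outside the NAT64 prefix (native AAAA, or wrong prefix): {0}" -f ($stray -join ', '))
    } else {
        Write-Host "DNS64 OK: $Name -> $($got -join ', ') (RFC 6052 form of $($aRecords.IPAddress -join ', '))"
    }
}

# 4. These counters only move when the DNS64 component actually handles queries;
#    the question reports zeros here, which matches the missing AAAA answers.
Get-NetDnsTransitionMonitoring | Format-List
```

The RFC 6052 comparison matters because a passing AAAA query alone does not prove DNS64 is doing the work: a name with a native AAAA record will answer fine without any translation, and only an address inside your NAT64 prefix shows the server synthesized it. Pick a test name you have confirmed has no native AAAA, or the "stray" branch will fire for the wrong reason.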
Score:0

OK, just to close this: I've decided to set up DNS64 using BIND servers on my Debian routers. It's easy and it works like a charm. Still a pity that Windows DNS does not seem to support DNS64. Otherwise Windows DNS is really nice, and running DNS on my routers makes me feel quite uncomfortable...
