Fortinet black logo

CLI Reference

config global-dns-server dns64

config global-dns-server dns64

Use this command to map IPv4 addresses to AAAA queries when there are no AAAA records. This feature is optional. It can be used in network segments that use NAT64 to support IPv6 client communication with IPv4 backend servers.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have configured address objects that specify the network segments for which the DNS64 map applies.
  • You must have read-write permission for global load balancing settings.

After you have created a DNS64 configuration, you can specify it in a DNS policy configuration.

Syntax

config global-dns-server dns64

edit <name>

set exclude {any | none | <datasource>}

set mapped-address {any | none | <datasource>}

prefix6 <ip&netmask>

source-address {any | none | <datasource>}

next

end

exclude

Specify a wildcard (any or none) or an address object. Allows specification of a list of IPv6 addresses that can be ignored. Typically, you exclude addresses that do have AAAA records.

mapped-address

Address object that specifies the IPv4 addresses that are to be mapped in the corresponding A RR set.

prefix6

IP address and netmask that specify the DNS64 prefix. Compatible IPv6 prefixes have lengths of 32, 40, 48, 56, 64 and 96 as per RFC 6052.

Each DNS64 configuration has one prefix. Multiple configurations can be defined.

source-address

Specify an address object. Only clients that match the source IP use the DNS64 lookup table.

Example

FortiADC-VM # config global-dns-server dns64

FortiADC-VM (dns64) # edit 1

Add new entry '1' for node 2289

FortiADC-VM (1) # get

prefix6 : ::/0

source-address :

mapped-address :

exclude :

FortiADC-VM (1) # set prefix6 64:ff::/96

FortiADC-VM (1) # set source-address any

FortiADC-VM (1) # set mapped-address dns64_mapped_pool

FortiADC-VM (1) # set exclude none

FortiADC-VM (1) # get

prefix6 : 64:ff::/96

source-address : any

mapped-address : dns64_mapped_pool

exclude : none

FortiADC-VM (1) # end

config global-dns-server dns64

Use this command to map IPv4 addresses to AAAA queries when there are no AAAA records. This feature is optional. It can be used in network segments that use NAT64 to support IPv6 client communication with IPv4 backend servers.

Before you begin:

  • You must have a good understanding of DNS and knowledge of the DNS deployment in your network.
  • You must have configured address objects that specify the network segments for which the DNS64 map applies.
  • You must have read-write permission for global load balancing settings.

After you have created a DNS64 configuration, you can specify it in a DNS policy configuration.

Syntax

config global-dns-server dns64

edit <name>

set exclude {any | none | <datasource>}

set mapped-address {any | none | <datasource>}

prefix6 <ip&netmask>

source-address {any | none | <datasource>}

next

end

exclude

Specify a wildcard (any or none) or an address object. Allows specification of a list of IPv6 addresses that can be ignored. Typically, you exclude addresses that do have AAAA records.

mapped-address

Address object that specifies the IPv4 addresses that are to be mapped in the corresponding A RR set.

prefix6

IP address and netmask that specify the DNS64 prefix. Compatible IPv6 prefixes have lengths of 32, 40, 48, 56, 64 and 96 as per RFC 6052.

Each DNS64 configuration has one prefix. Multiple configurations can be defined.

source-address

Specify an address object. Only clients that match the source IP use the DNS64 lookup table.

Example

FortiADC-VM # config global-dns-server dns64

FortiADC-VM (dns64) # edit 1

Add new entry '1' for node 2289

FortiADC-VM (1) # get

prefix6 : ::/0

source-address :

mapped-address :

exclude :

FortiADC-VM (1) # set prefix6 64:ff::/96

FortiADC-VM (1) # set source-address any

FortiADC-VM (1) # set mapped-address dns64_mapped_pool

FortiADC-VM (1) # set exclude none

FortiADC-VM (1) # get

prefix6 : 64:ff::/96

source-address : any

mapped-address : dns64_mapped_pool

exclude : none

FortiADC-VM (1) # end