Configuring NAT-PT

To configure Network Address Translation–Protocol Translation (NAT-PT), you must configure a Domain Name System application-level gateway (DNS ALG) application to map addresses returned in the DNS response to an IPv6 address. DNS ALG is used with NAT-PT to facilitate name-to-address mapping. When configuring NAT-PT, network address translation can either be an address-only translation or an address and port translation. The Junos OS implementation is described in RFC 2766 and RFC 2694.

Before you begin configuring NAT-PT with DNS ALG, you must have the following configured:

• NAT with two rules or one rule and two terms. The first NAT rule or term ensures that the DNS query and response packets are translated correctly. For this rule to work, you must configure a DNS ALG application and reference it in the first rule. The second rule or term is required to ensure that NAT sessions are destined to the address mapped by the DNS ALG application.
• A service set that references the first NAT rule or term and a multiservices interface. 

1. Configure the DNS session that processes packets to the DNS server:

   1. Configure the ALG to which the DNS traffic is destined at the [edit applications] hierarchy level. Define the application name and specify the application protocol to use in match conditions in the first NAT rule or term.
      [edit applications]user@host# set application application-name application-protocol application-protocol

      For example:

      [edit applications]user@host# set application dns_alg application-protocol dns
   2. Reference the ALG in the first NAT rule or term.
      [edit services nat rule rule-name term term-name] user@host# set from applications application-name

      In the following example, the application name is dns_alg.

      [edit services nat rule rule1 term term1] user@host# set from applications dns_alg
   3. Define the DNS ALG pool or prefix for mapping IPv4 addresses to IPv6 addresses.
      [edit services nat rule rule-name term term-name]user@host# set then translated dns-alg-prefix dns-alg-prefixuser@host# set then translated dns-alg-pool dns-alg-pool

      The following example shows the configuration of the 96-bit prefix for mapping IPv4 address to IPv6 addresses.

      [edit services nat rule rule1 term term1] user@host# set then translated dns-alg-prefix 10:10:10::0/96

[edit applications]
user@host# show 
application dns_alg {
    application-protocol dns;
}

[edit services nat]
user@host# show 
rule rule1 {
            applications dns_alg;
        }
        then {
            translated {
                dns-alg-prefix 10:10:10::0/96;
                }
            }
        }
    }
}

[edit services nat]
user@host# show 
rule rule2 {
    term term1 {
        from {
            destination-address {
                10:10:10::c0a8:108/128;
            }
        }
        then {
            translated {
                source-prefix 19.19.19.1/32;
                }
            }
        }
    }
}