Bron: Tuxis B.V. –
>What does nat64.tuxis.nl do?
It allows you to use an IPv6-only connection and still reach the IPv4 internet.
How does nat64.tuxis.nl work?
nat64.tuxis.nl is a simple server, with some cool software. We run PowerDNS’ Recursor to do DNS64, PowerDNS’s dnsdist to do DoT and DoH and Tayga to do NAT64. We filter, rate limit (and log!) with Ferm. So with all the software combined, we can allow you deploy IPv6-only machines. With DoH, you can choose to only browse via IPv6 and leave your other software intact with the normal resolver settings.
What do I need?
Well, not much. Just an IPv6-enabled connection to the internet.
How can I use it?
The resolver is reachable on 2a03:7900:2:0:31:3:104:161, via HTTPS (for DoH), ports 853 (DoT) and 53 (Old fashioned DNS). You can configure https://nat64.tuxis.nl/ as custom DNS over HTTPS provider in Firefox (or experimental in Chrome) or as your normal resolver.
What are you logging?
Since we are including the NAT64-service, it will seem as if requests you make through this service are coming from us. Since not all persons are a nice as we are, we are using iptables logging to log all nat’ed traffic. This logging includes:
- Your IPv6-address
- Your source port
- The destination (DNS64) address
- The destination port
- The timestamp
[Mon Oct 21 12:49:43 2019] Outgoing-NAT: IN=ens18 OUT=nat64 MAC=8e:39:8e:ad:f5:6b:00:25:90:5d:c1:e1:86:dd SRC=2a03:7900:0064:0000:0000:0000:0000:1001 DST=2a03:7900:6446:0000:0000:0000:3655:362b LEN=72 TC=0 HOPLIMIT=61 FLOWLBL=361783 PROTO=TCP SPT=57712 DPT=443 WINDOW=288 RES=0x00 ACK URGP=0
This data will not be used for anything other than abuse-tracking. The logs will be removed after three days. The mere goal for this data is to be able to redirect abuse-complaints to the original abuser.
If you have suffered abuse from nat64.tuxis.nl (18.104.22.168 in the IPv4-world). Please contact us at firstname.lastname@example.org!