Overview
Genius Impact VPSs are assigned IPv6 addresses only. To allow these servers to reach IPv4-only destinations on the internet, RackGenius provides a NAT64/DNS64 service. This translates IPv6 traffic to IPv4 transparently, requiring no changes to your applications beyond pointing your DNS resolver at our servers.
Important: Only traffic destined for IPv4-only hosts passes through the NAT64 gateway. Destinations that have native IPv6 addresses are reached directly over IPv6 — the NAT64 server is not involved. Applications that hardcode IPv4 addresses (e.g. 1.2.3.4) rather than using hostnames, will not work through NAT64.
How It Works
When your VPS makes a connection to an IPv4-only destination:
- Your VPS queries our DNS64 resolver for the hostname
- If the hostname has no native IPv6 address, our resolver synthesizes an AAAA record embedding the destination's IPv4 address inside our NAT64 prefix
- Your VPS connects to the synthesized IPv6 address
- Our NAT64 gateway translates the connection to IPv4 and forwards it
- Responses are translated back to IPv6 and returned to your VPS
This is fully transparent; your applications see only IPv6 addresses throughout.
Michigan (Grand Rapids)
Use the following DNS64 resolvers if your VPS is located in our Michigan datacenter. Configure both for redundancy; if one is unavailable, the other handles your queries.
| Server | DNS64 IPv6 Address | NAT64 Prefix | NAT64 IPv4 |
|---|---|---|---|
| MI-NAT64-1 (Primary) | 2602:f964:1:fff1::64 |
2602:f964:1:fff1:1::/96 |
23.157.100.64 |
| MI-NAT64-2 (Secondary) | 2602:f964:1:fff2::64 |
2602:f964:1:fff2:1::/96 |
23.157.100.65 |
Verification
DNS64 synthesis check
- dig AAAA ipv4only.arpa
Expected: address starting with 2602:f964:1:fff1:1:: or 2602:f964:1:fff2:1::
NAT64 connectivity check
- curl -6 http://ipv4.icanhazip.com
Expected: 23.157.100.64 or 23.157.100.65
Real-world tests
- ping 2602:f964:1:fff1:1::[IPv4] (ex: 2602:f964:1:fff1:1::8.8.8.8)
- ping github.com
- apt update
General Information
NAT64 Gateway IPv4 Addresses
When your traffic exits via NAT64, it will appear to originate from the NAT64 gateway's IPv4 address listed in your location's table above. If you need to whitelist RackGenius NAT64 IPs with a third-party service, add all IPs for your location.
Known Limitations
- Applications with hardcoded IPv4 addresses will not work through NAT64
- Some services may block or restrict connections originating from NAT64 gateway IPs
- NAT64 adds a small amount of latency for IPv4-destined traffic due to address translation (typically under 1ms on-network)
- Use
traceroute6rather thantraceroutewhen tracing paths through NAT64 - Source port numbers below 1024 are not available for NAT translation
- NAT64 traffic runs through a separate node and may result in some network speed loss for IPv4 destinations due to overhead
Frequently Asked Questions
Are the NAT64/DNS64 servers used by default?
Yes, new Genius Impact VPSs are provisioned with the NAT64/DNS64 servers already configured. No additional setup is required for new deployments. If you have an existing VPS that was provisioned before this service was available, please update your DNS servers to the addresses listed in your location's table above to take advantage of NAT64/DNS64.
Does all my traffic go through the NAT64 server?
No. Only traffic destined for IPv4-only hosts is routed through the NAT64 gateway. If a destination has a native IPv6 address (AAAA record), your VPS connects directly over IPv6, and the NAT64 server is never involved. Most major services, such as Google, Cloudflare, and Facebook, are natively IPv6 and will always be reached directly.
Will my outbound IPv4 address change?
When connecting to IPv4-only destinations, your traffic will appear to originate from one of the NAT64 gateway IPs listed in your location's table. This is shared across all VPSs using the NAT64 service in that location. Dedicated IPs via the NAT64 service is not available.
Why can't I connect to a service even though NAT64 is configured?
The most common reasons are: the application is using a hardcoded IPv4 address instead of a hostname, the NAT64 prefix routes are missing from your VPS (see Step 2 above), or the destination service is blocking connections from shared NAT IP addresses. Run curl -6 http://ipv4.icanhazip.com and dig AAAA ipv4only.arpa and include the output when contacting support. Please note: support is limited with this free service.
Can I use my own DNS resolver with NAT64?
Yes. If you run your own recursive resolver (such as Unbound or BIND9), you can configure it to perform DNS64 synthesis using our NAT64 prefix.
Does this allow me to connect to the VPS over IPv4?
No, your VPS only has IPv6 connectivity. IPv4 is only reachable from inside the VPS when using the NAT64 service.
Support
If you experience issues with NAT64 connectivity, please contact RackGenius support at [email protected] or +1-309-777-6253 opt. 3, providing:
- Your VPS hostname or IPv6 address
- The destination you are trying to reach
- The output of
curl -6 http://ipv4.icanhazip.comanddig AAAA ipv4only.arpa
