IPv6 is a fundamentally different Internet Protocol from IPv4, and IPv6-only networks cannot, by default, communicate with the IPv4 Internet. This lack of interoperability necessitates complex mechanisms for incremental deployment and for bridging networks, so that non-dual-stack systems can interact with the whole Internet. NAT64 is one such bridging mechanism: a network uses DNS to identify IPv4-only networks, injects IPv6 response addresses that point to an internal gateway, and lets that gateway transparently translate the connections, allowing IPv6-only clients to reach the entire Internet. To date, our understanding of NAT64 deployments is limited; what little information exists is largely qualitative, taken from mailing lists and informal discussions. In this work, we present a first look at active measurement of NAT64 deployment on the Internet, focused on deployment prevalence, configuration, and security. We measure NAT64 via two distinct large-scale measurements: 1) open resolvers on the Internet, and 2) client measurements from RIPE Atlas. For both datasets, we broadly find that, despite substantial anecdotal reports of NAT64 deployment, measurable deployments are exceedingly sparse. While our measurements do not preclude large-scale deployment of NAT64, they do point to substantial challenges in measuring deployments with our existing best-known methods. Finally, we also identify problems in NAT64 deployments, with gateways not following the RFC specification and also posing potential security risks.
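The DNS64/NAT64 address mapping the abstract describes, as an added example that is not the paper's code: a DNS64 resolver answers an IPv4-only name with an IPv6 address that embeds the A record inside a NAT64 prefix (RFC 6052 layout, well-known prefix 64:ff9b::/96), and the gateway reverses that embedding. The `classify_aaaa` labels and the idea of flagging answers that sit in the prefix but break the RFC 6052 layout are my own, written from the measurement and gateway-conformance angle the abstract raises.

```python
import ipaddress

# RFC 6052 layout: the 32 IPv4 bits follow the NAT64 prefix, skipping bits
# 64-71 (the "u" octet, which must be zero); any remaining bits are a zero suffix.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")
VALID_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)

def _ipv4_bit_slots(prefixlen: int) -> list[int]:
    """Bit positions (0 = most significant) that carry the embedded IPv4 address."""
    if prefixlen not in VALID_PREFIX_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{prefixlen}")
    return [b for b in range(prefixlen, 128) if not 64 <= b < 72][:32]

def synthesize(prefix, ipv4: str) -> ipaddress.IPv6Address:
    """What DNS64 does: embed an A-record address into the NAT64 prefix."""
    prefix = ipaddress.IPv6Network(prefix)
    bits = list(f"{int(prefix.network_address):0128b}")
    v4bits = f"{int(ipaddress.IPv4Address(ipv4)):032b}"
    for pos, bit in zip(_ipv4_bit_slots(prefix.prefixlen), v4bits):
        bits[pos] = bit
    return ipaddress.IPv6Address(int("".join(bits), 2))

def extract(prefix, ipv6) -> ipaddress.IPv4Address:
    """Reverse mapping a NAT64 gateway performs; rejects non-RFC-6052 layouts."""
    prefix = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        raise ValueError(f"{addr} is not inside NAT64 prefix {prefix}")
    bits = f"{int(addr):0128b}"
    if prefix.prefixlen < 96 and bits[64:72] != "0" * 8:
        raise ValueError("bits 64-71 (u octet) must be zero per RFC 6052")
    slots = _ipv4_bit_slots(prefix.prefixlen)
    return ipaddress.IPv4Address(int("".join(bits[p] for p in slots), 2))

def classify_aaaa(prefix, a_record: str, aaaa_answer: str) -> str:
    """Classify a AAAA answer a resolver returned for a name that has only an A record:
    'native' (outside the prefix, so not DNS64 output), 'synthesized' (RFC 6052
    embedding of the A record), 'mismatch' (embeds a different IPv4 address),
    'nonconforming' (inside the prefix but violates the RFC 6052 layout)."""
    prefix = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(aaaa_answer)
    if addr not in prefix:
        return "native"
    try:
        embedded = extract(prefix, addr)
    except ValueError:
        return "nonconforming"
    return "synthesized" if embedded == ipaddress.IPv4Address(a_record) else "mismatch"
```

The prefix and address values in the checks below are the RFC 6052 worked examples (192.0.2.33 under documentation prefixes), constructed inputs rather than measurement data.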