Supporting IPV6 Dns64/nat64 Networks (Audit declined)

Tag: Button response Business enter Wi-Fi val problem tcp, UDP status

The full text revolves around the IPV4 and IPv6 between the client and the server.

First, the problem leads

We discovered one or more bugs in your apps when reviewed on the IPad running IOS 10.3.2 on Wi-Fi connected to an IPV6 network.

Specifically, tapping some buttons produced an error message.

Please see attached screenshots for details.

Next Steps

To resolve the issue, please run the Your app on a device while connected to an IPV6 network (all apps must support IPV6) to Identify any issues, then revise and resubmit your apps for review.

If We misunderstood the intended behavior of your app, please reply to this message in Resolution Center to provide inform Ation on what these features were intended to work.

For new apps, uninstall all previous versions of your app from a device, then install and follow the steps to reproduce th E issue. For updates, install the new version as a update to the previous version and then follow the steps to reproduce the issue.

APP Store Review Guidelines

2.5.5 We'll be reviewing on a IPv6 network, so if your app isn ' t compatible with the IPV6 addressing, it may fail Durin G Review.

Problem Analysis : Our app does not have IPV6 environment server, and does not support NAT64+DNS64 service. Causes the client to not find the IPV6 server under the IPV6 network and cannot convert the connection to the IPV4 server.

solution : Access via DNS64 +nat64.

1, the domain name can be resolved out of the global IPV6 address. Open the link http://www.subnetonline.com/pages/converters/ipv4-to-ipv6.php, enter the IPV4 value such as 100.100.100.100, the calculated IPv4 value is 6464 : 6464, with the fixed prefix 2001:67c:2b0:db32::1, combined with a full IPv6 value of 2001:67c:2b0:db32::1:6464:6464.

2, add a 4A record in the domain name management. AAAA records (AAAA record) are DNS records used to resolve domain names to IPv6 addresses.

Scenario Detection : Open the link http://ipv6-test.com/validate.php, enter the domain name, as a result, the operation is successful.

Ii. IPv6, DNS64, NAT64

1, IPv6

1) IPV6 is an Internet Protocol version 6 (Internet Protocol version 6), IPV6 used instead of IPV4, claiming to be able to make a web address for every grain of sand around the world.

2) Presentation method
The IPV4 contains 4 paragraphs of decimal, IPV6 contains 8 segments of Hex, and is 4 times times the length of the IPv4 address. So IPv4 dot decimal format no longer applies, there are 3 ways to represent IPV6:
Split hexadecimal notation
The format is x:x:x:x:x:x:x:x, where each x represents 16b in the address, in hexadecimal notation, leading 0 per x can be omitted, for example:
2001:0db8:0000:0023:0008:0800:200c:417a→2001:db8:0:23:8:800:200c:417a
0-bit compression notation
If the IPV6 address contains a long period of 0, you can compress a contiguous 0 to "::". At the same time, in order to ensure the uniqueness of address resolution, the address "::" can only appear once, for example:
Ff01:0:0:0:0:0:0:1101→ff01::1101
0:0:0:0:0:0:0:1→::1
0:0:0:0:0:0:0:0→::
Inline IPV4 address notation
In order to realize Ipv4-ipv6 interworking, the IPV4 address is embedded in the IPV6 address, at which point the address is often expressed as: X:x:x:x:x:x:d.d.d.d, the first 96b is in hexadecimal notation, and the last 32b address is denoted by the dotted decimal of IPv4, for example: : 192.168.0.1 and:: ffff:192.168.0.1 is a typical example of two, note that in the first 96b, the method of compressing 0 bits still applies.

2, NAT64

NAT64 is a state-of-the-art network address and Protocol conversion technology, which generally only supports access to IPV4-side network resources through IPV6 network-side user-initiated connections. But NAT64 also supports manual configuration of static mappings to enable IPV4 networks to initiate connection access IPV6 networks. NAT64 can implement TCP, UDP, ICMP protocol IPv6 and IPV4 Network address and protocol conversion.

3, DNS64

DNS64 is mainly to cooperate with NAT64 work, mainly to the DNS query information in the A record (IPv4 address) into the AAAA record (IPv6 address), the return of the composite AAAA record users to the IPV6 side users.

Third, why use IPV6?

1. IPV4 address limit is exhausted.

2, IPV6 is more effective than IPv4. Avoid using NAT to convert network addresses, provide fast network access by simplifying the head structure, prevent network splitting, and avoid resolving neighbor addresses.

3, 4G support IPV6 network.

4, multimedia Services (SMS, voice) support IPV6 network.

5. The service provider undertakes additional business and management costs, continues to support the traditional IPV4 network, and the industry continues to migrate to IPV6.

Iv. Dns64/nat64 Conversion Flow

1, the cellular network provides IPV4 and IPV6 connection separately.

2. Ideally, the provider abandons support for the IPV4 network, but this prevents some networks from accessing the IPV4 server. To solve this problem, mainstream network providers implement Dns64/nat64 conversion workflows. The following is a support for the IPV6 network to continue supporting IPV4 content through conversion.

The deployed IPV6 cellular network includes DNS64 and NAT64,

3. Under this type of deployment, the client sends a DNS request to the DNS64 server, requesting a IPV6 address. If IPV6 exists, it is immediately posted back to the client. However, if IPV6 does not exist, the DNS64 server requests an alternate IPV4 address, and then DNS64 the server with the IPV6 address prefix to the federated IPV4 Address, which is passed back to the client. In this way, the client is sure to accept the IPV6 address.

4, when the client sends a request to the server, any IPV6 package is considered to be synthesized by DNS64 address, walk NAT64 gateway route. The NAT64 gateway can convert IPv6 to IPV4, and the response from the server can also convert IPv4 to IPV6.

Dns64/nat64 Workflow

V. Ensure IPV6 Dns64/nat64 available

1, the use of the underlying network API is not recommended. There are no compatibility issues with these APIs in the blue part of the show, and most of the APIs we use for ourselves include those of third-party web libraries.

2, do not use IP address. Some methods in the network class pass in the value do not pass the IP address, but should use the domain name.
3, check the code of incompatible IPV6
The following APIs are not included in the project, and are only handled for IPV4.
INET_ADDR ()
Inet_aton ()
Inet_lnaof ()
INET_MAKEADDR ()
Inet_netof ()
Inet_network ()
Inet_ntoa ()
Inet_ntoa_r ()
Bindresvport ()
Getipv4sourcefilter ()
Setipv4sourcefilter ()
If you use these IPv4 types on the left, then their corresponding IPV6 types also need to be handled

VI. IPV6 Web App Test

The official website provides a NAT64 network to build a IPV6 network through Mac Sharing (Operation tutorial stamp ios-without cable build IPV6 network test environment).

Individuals do not recommend such a test, I am such a test can be normal access, but the audit was refused.

Practice shows that through the 1th program testing, Apple will be approved by the official.

This document is referenced from Apple's official documentation:

Supporting IPV6 Dns64/nat64 Networks

Supporting IPV6 Dns64/nat64 Networks (Audit declined)