filter-a and dns64 in a ipv6-only network
Thomas Schäfer
tschaefer at t-online.de
Mon Jan 30 19:01:25 UTC 2023
Hi,
I use tumbleweed for testing, since compiling bind is hard(at least for me).
bind version: 9.18.11
options {....
dns64 64:ff9b::/96 {
clients { any; };
recursive-only yes;
mapped { !10/8; any; };
};
};
plugin query "filter-a.so" {
filter-a-on-v6 break-dnssec;
filter-a-on-v4 break-dnssec;
filter-a { ::/0 ; };
};
My test setup is intended to be ipv6-only. Please don't try to convince me,
that clat would be better.
(https://lists.isc.org/mailman/htdig/bind-users/2022-March/105826.html) I
don't want IPv4 at all.
The first line of the man page says:
"filter-a - filter A in DNS responses when AAAA is present"
and here starts my problem: dns64 generates an AAAA-Record, but the plugin
filter-a expects an real AAAA-response. In the end a isn't filtered.
Example with real aaaa-record
host ct.de ::1
Using domain server:
Name: ::1
Address: ::1#53
Aliases:
ct.de has IPv6 address 2a02:2e0:3fe:1001:302::
ct.de mail is handled by 50 secondarymx.heise.de.
ct.de mail is handled by 10 relay.heise.de.
Example with synthesized aaaa-record
host sz.de ::1
Using domain server:
Name: ::1
Address: ::1#53
Aliases:
sz.de has address 195.50.177.61
sz.de has IPv6 address 64:ff9b::c332:b13d
sz.de has IPv6 address 64:ff9b::c332:b13d
sz.de mail is handled by 50 sz-de.mail.protection.outlook.com.
How can I achieve to remove a-records at any time?
Regards,
Thomas
More information about the bind-users
mailing list