Silently drop queries for AAAA records

David A. Evans Evans_David_A at cat.com
Tue Dec 7 22:31:12 UTC 2010


        I'm in the mood to prove a point. I have a very poorly written
application that is generating a few hundred queries per second of
completely bogus AAAA records before attempting a lookup of the correct A
records.  This is because the application was compiled with an IPv6
interface enabled on the servers so it assumes that v6 is available.  It is
not.  The application owner does not see an issue as they get the handful
of NXDOMAIN responses back in ~2 ms for each valid response and don't see any
performance hit.

        I would like to silently drop the AAAA record lookups instead of 
responding back with NXDOMAIN.  Thusly generating a performance hit as the 
application waits 2 seconds for the reply.

        I have found the filter-aaaa-on-v4 but it doesn't quite do what I
want.  From the description and my testing it appears to still reply with
NXDOMAIN to these queries, it simply filters out the 'valid' AAAA records
from IPv4 based replies. (which is a really cool solution to other issues,
but not what I need.)

        Besides spinning up a BIND 4.x box which Google tells me did this
by default, is there any way of doing this?


David A. Evans
Enterprise IP/DNS Management
Network Infrastructure Tools and Services
Evans_David_A at cat.com
 
Eschew Obfuscation