Filtering IPv6 AAAA records?
Michael Hoskins (michoski)
michoski at cisco.com
Tue Jul 24 18:39:12 UTC 2012
-----Original Message-----
From: Paul Reilly <pareilly at tcd.ie>
Date: Tuesday, July 24, 2012 11:06 AM
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: Filtering IPv6 AAAA records?
>Is it possible using the BIND resolver to filter out AAAA record replies
>to end clients?
>
>Since Google added an IPv6 AAAA record, I'm having problems with some
>Macs trying to connect to Google on IPv6 instead of IPv4.
>We have a partial IPv6 network. IPv6 works internally, but outbound
>internet access is only permitted using IPv4.
>However the Macs are seeing the IPv6 address for google.com
><http://google.com>, and trying to connect over IPv6 which eventually
>just times out.
>
>We don't have desktop control over our large Mac user base, so turning
>off IPv6 is not so easy.
>I was thinking I could configure BIND to only return A records from
>google.com <http://google.com> and not any AAAA records.
>
>Is this possible?
Since you mention "IPv6 works internally," are the clients actually
querying your name server over v6 or v4?
It might not meet your exact requirements, but have you checked the ARM
for filter-aaaa-on-v4?
http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#id2578393
More information about the bind-users
mailing list