Filter-AAAA-option
Mark Andrews
marka at isc.org
Mon Mar 9 23:39:00 UTC 2015
In message <1111388980.1345535.1425939288136.JavaMail.yahoo at mail.yahoo.com>, Shawn Zhou writes:
> Hello,
> I am testing filter-aaaa option with Bind 9.9.6-P2. I think there is a
> bug in the documentation onÂ
> https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html.
> I believe for the "filter-aaaa on, IPv4 source, no +dnssec" table on the
> page, for query "a0-aaaa-4" type "any", the answer section should be
> "AAAA, NSEC, RRSIG". When I tested with "any" for a "a0-aaaa-a4" record,
> I did see a AAAA response.
> Thoughts?
> Thanks,Shawn
You get verifyable answers with ANY (data + rrsigs) so whether it
filters or not depends upon whether the zone is signed or not with
ANY.
That said, it is well past the time when everyone should be providing
IPv6 transport. We actually have ISP's that only provided un-NATed
service on IPv6 as they have run out of IPv4 addresses to provide
everyone with a public IPv4 address.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list