How can I limit recursive queries on an IPv6 network?

LEE SUKMOON smlee at sk.com
Wed Jan 4 02:05:21 UTC 2017


Hello. 

Our DNS server provides service on an IPv6 network.
Clients query over the IPv6 network, but recursive client queries are only to use the IPv4 network.
(The DNS server has no IPv6 network for foreign networks.)

So the DNS server performs unnecessary recursive client queries over IPv6.
How can I limit recursive queries on the IPv6 network?


I modified some source code, as shown below, to confirm the IPv6 query limit for recursive clients.
This code seems to work well. Is there any problem with using this?

Thanks.




[root at smlee:/root/isc] $ diff -Nur bind-9.9.9-P4/ bind-9.9.9-P4-ipv6/
diff -Nur bind-9.9.9-P4/lib/dns/resolver.c bind-9.9.9-P4-ipv6/lib/dns/resolver.c
--- bind-9.9.9-P4/lib/dns/resolver.c    2016-10-21 14:12:02.000000000 +0900
+++ bind-9.9.9-P4-ipv6/lib/dns/resolver.c       2017-01-03 19:11:57.246779004 +0900
@@ -3419,6 +3419,7 @@
                        return;
                }

+retry_addrinfo:
 #ifdef ENABLE_FETCHLIMIT
                while ((addrinfo = fctx_nextaddress(fctx)) != NULL) {
                        if (! dns_adbentry_overquota(addrinfo->entry))
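Review bot: The `retry_addrinfo:` label sits above the `#ifdef ENABLE_FETCHLIMIT` block, so the later `goto` builds a second, hand-rolled loop around the existing `while ((addrinfo = fctx_nextaddress(fctx)) != NULL)` loop, and termination depends entirely on `fctx_nextaddress()` eventually returning NULL. It would be easier to follow, and harder to break in a later edit, if the address-family test lived inside the selection step itself (next to the `dns_adbentry_overquota()` test in the fetch-limit branch, and in a matching loop in the non-fetch-limit branch) so that no backward `goto` or label is needed.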
@@ -3428,6 +3429,16 @@
                addrinfo = fctx_nextaddress(fctx);
 #endif /* !ENABLE_FETCHLIMIT */

+               if (addrinfo != NULL &&
+                               addrinfo->sockaddr.type.sa.sa_family == AF_INET6) {
+                       /*
+                       isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                                     DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                                     "skip %p (%s) %p", fctx, fctx->info, addrinfo);
+                       */
+                       goto retry_addrinfo;
+               }
+
                /*
                 * While we may have addresses from the ADB, they
                 * might be bad ones.  In this case, return SERVFAIL.
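Review bot: The `AF_INET6` test before `goto retry_addrinfo` is unconditional and silent. Every IPv6 address is discarded on every build carrying this change, with no setting to turn the behaviour off and no log line, because the `isc_log_write()` call is commented out. When all remaining addresses for a fetch are IPv6, the retry drains the list, `addrinfo` ends up NULL, and control falls into the path that the following comment describes as returning SERVFAIL; please confirm that result is what you want for names whose servers are reachable only over IPv6. Suggested changes: gate the skip behind a run-time condition rather than hard-coding it, and either enable the `ISC_LOG_DEBUG(3)` message or delete the commented-out block instead of leaving dead code in the function.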

