filter queries for A records from some clients

Brian J. Murrell brian at interlinx.bc.ca
Thu Mar 10 23:40:04 UTC 2022


I am trying to do some testing of an IPv6-only network here using some
nat64 to reach the "legacy" :-) IPv4 Internet.  My network is currently
dual-stack.

I have dns64 query mapping working, but I am still seeing some clients
that I am trying to test with (that still have IPv4 addresses until the
test proves successful) using IPv4 to the Internet.  I can only surmise
that this is a case where the client did a happy-eyeballs query for
both A and AAAA records and got an A record back first.

To that effort, I want to try filtering out A record queries (or
responses) from those clients so that they only get the AAAA results
back whether those are real IPv6 addresses or dns64 mapped addresses.

Is there any way to filter A queries or replies to achieve this goal?

I am noticing the .rpz-ip trigger, but being pretty green at RPZ policy
writing, it's not clear to me if that can be used to filter just A
records.

Cheers,
b.

More information about the bind-users mailing list