filter-a and dns64 in a ipv6-only network
Eric Germann
ekgermann at semperen.com
Wed Feb 1 01:28:09 UTC 2023
> On Jan 31, 2023, at 15:27, Thomas Schäfer <tschaefer at t-online.de> wrote:
>
> On Tuesday, 31 January 2023, 20:03:42 CET, Marco wrote:
>
>>
>> Why would it make sense to block them?
>
> Avoiding wrong decisions by "happy eyeballs" - probably the same rare reasons
> why ISC introduced the AAAA filter years ago - in theory there is no reason to
> block AAAA nor A. But blocking A depending on the existence of AAAA makes no
> sense at all.
> (as bind at the moment is doing)
I’ve found one edge case where blocking AAAA records fixes something in order to force it to A addresses.
Netflix
I use a Hurricane Electric tunnel for my IPv6. Works like a charm for every other site I use. But Netflix rejects connections because it thinks it’s on a VPN. So, filtering the quad A makes it appear it isn’t IPv6 enabled, so it connects over 4. Works like a champ.
Eric