plugin/dns64: new configuration directive to break IPV4 name resolution #5766
p-weston
started this conversation in
Show and tell
Replies: 2 comments 2 replies
-
Thanks for sharing! In a nutshell, how did you solve it? Earmarking the A lookups originating from the dns64 plugin? |
Beta Was this translation helpful? Give feedback.
2 replies
-
Thanks, good points. I will try returning the real A query with the A records stripped out, and see how things react. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I have a small patch to plugin/dns64 which adds a break_ipv4_names directive. Would you want a PR for it?
It returns NXDOMAIN for all A requests, except for those generated by the dns64 plugin itself for the purpose of building a AAAA record.
I have found that on ipv6 only nodes this fixes several packages that would otherwise fail due to only trying one address, or stubbornly using up their retries on ipv4 addresses. Ideally these packages would all be fixed, but a single change working around so many different problems has been very useful. I believe some packages have deliberately chosen to prefer v4 addresses as a workaround for badly configured v6 networks.
I haven't written any documentation for it, but note it is against the RFC, and will break anything like email SPF record validation which sometimes needs to explicitly resolve a name to an ipv4 address.
Beta Was this translation helpful? Give feedback.
All reactions