block all AAAA queries for specific domain?

Jeremy Baker jab at mbcs.ca
Mon Aug 27 14:09:31 UTC 2018


On 08/17/2018 04:48 PM, Rick van der Zwet via Unbound-users wrote:
> Hi,
>
> For debugging purposes, I am trying to block (only) AAAA queries from
> a specific domain and it's subdomains.
>
> Currently I have to specify them all by hand, which is cumbersome
> since the list dynamic e.g.:
>
>         local-zone: "netflix.com" typetransparent
>         local-data: "netflix.com AAAA ::1"
>         local-data: "moderate.ftl.netflix.com AAAA ::1"
>         local-data: "www.latency.prodaa.netflix.com AAAA ::1"
>         local-data: "www.netflix.com AAAA ::1"
>         local-data: "www.geo.netflix.com AAAA ::1"
>         local-data: "ichnaea-web.netflix.com AAAA ::1"
>         local-data: "appboot.netflix.com AAAA ::1"
>         local-data: "appboot.latency.prodaa.netflix.com AAAA ::1"
>         local-data: "ios.nccp.netflix.com AAAA ::1"
>         local-data: "ichnaea-web.geo.netflix.com AAAA ::1"
>         local-data: "ichnaea-web.us-west-2.prodaa.netflix.com AAAA ::1"
>         local-data: "ichnaea-web.us-west-1.prodaa.netflix.com AAAA ::1"
>
>
> I rather have something like:
>         local-zone: "netflix.com" typetransparent
>         local-data: "*.netflix.com AAAA ::1"
>
>
> Does somebody has a work-around available to make my debugging effort
> easier?
>
> Best regards,
> -Rick
This would certainly make my life easier as well, since netflix is
constantly adding new host names that I have to disable ipv6 for.

-- 
Jeremy Baker <jab at mbcs.ca>
GnuPGP fingerprint =
EE66 AC49 E008 E09A 7A2A  0195 50EF 580B EDBB 95B6




More information about the Unbound-users mailing list