Filter AAAA records within a specific zone
Dave Warren
dw at thedave.ca
Tue Jan 9 18:53:59 UTC 2018
That's... Ugly. Effective though, and appreciated!

I was hoping for something that could work at the domain level rather
than at the individual host level, but it appears only BIND offers this
and I don't intend to switch from Unbound to BIND.

Can I assume this list has been at least somewhat static?

If not, or if I run into more services where this is an issue, I might
need to bring up a BIND resolver just for these particular domains and
have Unbound just forward these domains to BIND, but this too seems
uglier than I'd like.

Either way, this will seem to get things working in the short term, and
your efforts sorting it out and documenting are definitely making life
easier in the short term, so my thanks!

On 2018-01-07 17:39, Jeremy Baker via Unbound-users wrote:
> I ran into this problem a while back, and posted my unbound solution here:
>
> https://www.mbcs.ca/?p=30
>
>
> On 01/06/2018 05:05 PM, Dave Warren via Unbound-users wrote:
>> Howdy!
>>
>> Is there a way to have unbound filter/block AAAA records from being
>> returned from a specific zone?
>>
>> It seems like BIND might allow this using the filter-aaaa-on-v6
>> directive, I'm looking for something similar in Unbound.
>>
>> The underlying issue is that we've recently added HE's IPv6
>> tunnelbroker to our network, but certain services
>> *cough*Netflix*cough* reject traffic sent through a HE tunnel. I'm
>> looking for a way to force problem services through IPv4 and it seems
>> like one possible approach would be to limit their domains from
>> retrieving AAAA records.
>>
>