Disable IPv6 queries/response for certain domains
Daisuke HIGASHI
daisuke.higashi at gmail.com
Fri Dec 23 15:53:10 UTC 2022
Igor Sverkos via Unbound-users <unbound-users at lists.nlnetlabs.nl>:
> Is there a way to force IPv4-only responses (i.e. drop any IPv6
> queries/answers) for certain domains using unbound?
"private-address" statements filter out the specified IPv6 (or IPv4)
records. By specifying the entire IPv6 address space (::/0), Unbound
filters out all AAAA records, i.e.:
===
server:
    private-address: ::/0
===
You want to drop AAAA records in a certain domain, not all AAAA. You can
do it by running two Unbound instances.
- Step1. Start an Unbound instance that drops all AAAA RRsets
on all domains (listening port 10053).
    # unbound-aaaa-filter.conf
    server:
        private-address: ::/0 # filters out all AAAA !
        port: 10053
- Step2. Configure your "main" Unbound instance to forward queries
for a certain domain to the "AAAA-filtered" Unbound instance.
    # unbound-main.conf
    server:
        do-not-query-localhost: no
    forward-zone:
        name: example.com
        forward-addr: 127.0.0.1@10053
--
Daisuke Higashi
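
One way to check the two-instance setup described above, as an added example that is not part of the original post: a small Python script that sends an AAAA query and parses the answer section to confirm no AAAA record comes back. The function names, the constructed sample responses, and the main instance's address 127.0.0.1:53 are assumptions.

```python
import socket
import struct

TYPE_AAAA = 28

def build_query(name, qtype=TYPE_AAAA, txid=0x1234):
    """Encode a one-question DNS query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def answer_types(msg):
    """Return (rcode, list of RR types found in the answer section)."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    types = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen                      # fixed RR fields + RDATA
    return flags & 0x000F, types

def aaaa_filtered(msg):
    """True when the query succeeded (NOERROR) and the answer carries no AAAA."""
    rcode, types = answer_types(msg)
    return rcode == 0 and TYPE_AAAA not in types

# Constructed sample responses for example.com (not captured traffic).
_QUESTION = build_query("example.com")[12:]
_AAAA_RR = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_AAAA, 1, 300, 16) + bytes.fromhex("20010db8" + "00" * 11 + "01")
UNFILTERED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION + _AAAA_RR
FILTERED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _QUESTION

if __name__ == "__main__":
    # Assumption: the "main" instance listens on 127.0.0.1:53 (the post does not say).
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query("example.com"), ("127.0.0.1", 53))
        print("example.com AAAA filtered:", aaaa_filtered(s.recvfrom(4096)[0]))
```

Running the same check against a name outside the forward-zone should report that AAAA records are still returned, which confirms the filter is scoped to the forwarded domain only.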