Feature Request: Do not lookup IP addresses on A(AAA)?
pabstraud at compuserve.com
Thu Apr 13 11:06:38 UTC 2023
After using Unbound 1.17.1 as a drop-in replacement† for getaddrinfo()
and gethostbyname() in an open-source app, I noticed an *incredible*
increase in DNS queries sent over the wire while monitoring via
Wireshark. It is a VoIP/SIP app. Because of SIP and SDP, the app does
not know whether the remote "host" is an IP address or a domain name.
It could be both. Therefore, even IP addresses were sent to
At least on Ubuntu 22.04 LTS, getaddrinfo() does not query DNS over the
wire for any IP address. For example, 203.0.113.0/A is not sent, but
also 203.0.113.0/AAAA is not sent; same for 2001:db8::1/AAAA but also
2001:db8::/A. This (implicit?) behavior reduced the DNS traffic to an
absolute minimum. Now, with Unbound, that changed dramatically.
As a workaround, I call getaddrinfo() with hints.ai_flags = AI_NUMERICHOST.
Only if that fails with EAI_NONAME, I go for Unbound.
My questions before opening an issue on GitHub:
1. Is this the way, or could getaddrinfo() be replaced differently?
2. If ub_resolve() can be considered as a replacement for getaddrinfo(),
and if this IP filtering is not something specific to my platform used,
shouldn't it be the default in Unbound for A(AAA) lookups as well?
† It is a bit more complicated; the app is now DNSSEC aware and informs
the user about the DNSSEC (bogus) state.
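
The workaround described in the message above, as an added example (not code from the post or from Unbound): a numeric-only getaddrinfo() call classifies the host, and only real names reach the resolver. The hook type `dns_lookup_fn`, the stub `count_lookup` and the function names are assumptions; a real application would call ub_resolve() inside the hook.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical hook: the app would wrap its ub_resolve() call in this. */
typedef int (*dns_lookup_fn)(const char *name, void *arg);

/* AF_INET/AF_INET6 for an address literal, 0 for a name, -1 on other errors.
 * AI_NUMERICHOST forbids name resolution, so nothing goes over the wire.
 * Bracketed SIP forms such as "[2001:db8::1]" are not literals here, so
 * the caller has to strip the brackets first. */
int literal_family(const char *host)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_flags = AI_NUMERICHOST;
    int rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc == EAI_NONAME) return 0;
    if (rc != 0) return -1;
    int family = res->ai_family;
    freeaddrinfo(res);
    return family;
}

/* 0: literal, used as-is; 1: handed to the DNS hook; -1: error. */
int resolve_host(const char *host, dns_lookup_fn lookup, void *arg)
{
    int fam = literal_family(host);
    if (fam != 0) return fam < 0 ? -1 : 0;
    return lookup(host, arg) == 0 ? 1 : -1;
}

/* Constructed stand-in for the Unbound call: counts the names it receives. */
int count_lookup(const char *name, void *arg)
{ (void)name; ++*(int *)arg; return 0; }

/* Number of hosts in the list that would reach the resolver. */
int count_dns_queries(const char *const *hosts, int n)
{
    int sent = 0;
    for (int i = 0; i < n; i++)
        resolve_host(hosts[i], count_lookup, &sent);
    return sent;
}
```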