Feature Request: Do not lookup IP addresses on A(AAA)?

Alexander Traud pabstraud at compuserve.com
Thu Apr 13 11:06:38 UTC 2023


After using Unbound 1.17.1 as a drop-in replacement† for getaddrinfo() 
and gethostbyname() in an open-source app, I noticed an *incredible* 
increase in DNS queries sent over the wire while monitoring via 
Wireshark. It is a VoIP/SIP app. Because of SIP and SDP, the app does 
not know whether the remote "host" is an IP address or a domain name. 
It could be both. Therefore, even IP addresses were sent to 
getaddrinfo().

At least on Ubuntu 22.04 LTS, getaddrinfo() does not query DNS over the 
wire for any IP address. For example, 203.0.113.0/A is not sent, but 
also 203.0.113.0/AAAA is not sent; same for 2001:db8::1/AAAA but also 
2001:db8::/A. This (implicit?) behavior reduced the DNS traffic to an 
absolute minimum. Now, with Unbound, that changed dramatically.

As a workaround I call getaddrinfo() with hints.ai_flags = AI_NUMERICHOST.
Only if that fails with EAI_NONAME, I go for Unbound. [1]

My questions before opening an issue on GitHub:
1. Is this the way, or could getaddrinfo() be replaced differently?
2. If ub_resolve() can be considered as a replacement for getaddrinfo(), 
and if this IP filtering is not something specific to my platform used, 
shouldn't it be the default in Unbound for A(AAA) lookups as well?
-- 
† It is a bit more complicated; the app is now DNSSEC aware and informs 
the user about the DNSSEC (bogus) state.
[1] <https://stackoverflow.com/q/55272192>
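
The pre-check described in the message above, as an added example that is not part of the original post and not Unbound code: it classifies a host string with getaddrinfo() and AI_NUMERICHOST so that only real names reach the resolver. The names classify_host and host_kind and the sample hosts are this example's own assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= */
#endif
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Result of the pre-check; these names belong to this example only. */
enum host_kind { HOST_ERROR = -1, HOST_NEEDS_DNS = 0, HOST_IS_LITERAL = 1 };

/*
 * Try to parse `host` as a numeric IPv4/IPv6 address. AI_NUMERICHOST forbids
 * name resolution, so nothing is sent over the wire; a domain name fails with
 * EAI_NONAME, and only then should the caller pass it on to ub_resolve().
 */
static enum host_kind classify_host(const char *host,
                                    struct sockaddr_storage *out, int *family)
{
    struct addrinfo hints, *res = NULL;
    int rc;

    if (host == NULL || *host == '\0')
        return HOST_ERROR;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;     /* accept IPv4 and IPv6 literals alike */
    hints.ai_socktype = SOCK_DGRAM;  /* one result, not one per socket type */
    hints.ai_flags = AI_NUMERICHOST;
    rc = getaddrinfo(host, NULL, &hints, &res);
    if (rc == EAI_NONAME)
        return HOST_NEEDS_DNS;       /* not a literal: needs a real lookup */
    if (rc != 0 || res == NULL)
        return HOST_ERROR;
    memcpy(out, res->ai_addr, res->ai_addrlen);
    *family = res->ai_family;
    freeaddrinfo(res);
    return HOST_IS_LITERAL;          /* address already known: skip DNS */
}

int main(void)
{
    /* Constructed sample hosts, as they might arrive via SIP/SDP. */
    const char *samples[] = { "203.0.113.0", "2001:db8::1", "sip.example.com" };
    struct sockaddr_storage ss;
    int family;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%s -> %d\n", samples[i], classify_host(samples[i], &ss, &family));
    return 0;
}
```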



