<html><head></head><body style="zoom: 0%;"><div dir="auto">There are no dual stack clients as the network isn't IPv6 enabled (yet). The idea is to reduce the chatter for single stack clients.<br><br></div>
<div dir="auto">Your right that once dual stack is enabled on parts of the network and in clients, then we'll need to be mindful of this. But, I would expect most dual stack clients to default to querying DNS using IPv6. In fact as we control the client IP addressing, we can ensure to convert DNS server settings to IPv6 when enabling dual stack.<br><br></div>
<div dir="auto">I would not want to apply this to "public" recursors which may be used as forward servers and by clients not under our control.<br><br></div>
<div dir="auto">Thank you for your input,<br></div>
<div dir="auto">Djerk Geurts</div>
<div class="gmail_quote" >On 30 Oct 2023, at 06:26, Otto Moerbeek <<a href="mailto:otto@drijf.net" target="_blank">otto@drijf.net</a>> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="blue">On Mon, Oct 30, 2023 at 04:35:25AM +0000, Djerk Geurts via Pdns-users wrote:<br><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> Hi all,<br> <br> Not had the opportunity to test this yet, but wanted to check with those more experienced at LUA scripting if the following has any unexpected side effects:<br> <br> function preresolve(dq)<br> -- Implementation of 'filter-aaaa-on-v4'<br> if dq.qtype == pdns.AAAA and dq.remoteaddr:isIPv4() then<br> dq.appliedPolicy.policyKind = pdns.policykinds.Drop<br> return false<br> else<br> return false<br> end<br> end<br> <br> I will run a test when I get the opportunity. Does anyone filter AAAA requests for single stack clients (IPv4 only obviously)?<br> <br> Thanks,<br> Djerk Geurts<br></blockquote><br>This polciy will also apply to dual stack clients that happen to<br>contact the rescursor over v4 to request an AAAA. There is nothing<br>wrong with that, but your policy will cause timeouts for the clients.<br>So not recommended.<br><br> -Otto<br><br></pre></blockquote></div></body></html>