[Pdns-users] Can I filter AAAA DNS requests for Netflix?
Aleksandr Rogozin
arogozin at squarespace.com
Mon Oct 7 06:23:07 UTC 2019
Hi Nick,
Since your request was to filter based on specific domains for qtype AAAA
with custom response, I suggest looking into Response Policy Zone (RPZ) or
LUA script.
Best Regards,
Aleksandr
On Sat, Oct 5, 2019 at 23:10 Nicholas Williams <
nicholas at nicholaswilliams.net> wrote:
> I’ve got a conundrum that has kind of come to a head for me. It may be
> 2019, but Comcast is still too incompetent to provide me with
> properly-working IPv6, so I’ve resorted to using a Hurricane Electric
> tunnel for IPv6 access. However, Netflix blocks all Hurricane Electric and
> similar tunnels under the assumption that you’re trying to scam their
> location identification and access content that you don’t have geographic
> access to and, worse, the Netflix apps prefer IPv6 over IPv4 when it’s
> available, so Hurricane Electric users are kinda screwed.
>
> In the past, I’ve dealt with this by adding a black hole route for
> Netflix’s IPv6 prefix. However, I’m now having to block THREE /48 prefixes
> in order to keep Netflix working, and from what I can tell that means I’m
> now blocking most of AWS’s enter CDN, so I’m losing out on IPv6 on a bunch
> of sites.
>
> This solution is really like using a sledgehammer to install a picture
> frame hanger (and having to replace the picture frame hanger every few
> months). A better solution is to prevent Netflix from doing AAAA lookups
> (or somehow filter them and respond with only A results). I’m already using
> PowerDNS Recursor for my DNS. Is there a way I can configure PowerDNS
> Recursor so that certain domains (like Netflix) respond with only A results
> and never return AAAA results, so that I can remove my blackhole routes?
>
> Thanks,
>
> Nick
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20191007/7aaff92b/attachment.htm>
More information about the Pdns-users
mailing list