[Pdns-users] LUA for "filter-aaaa-on-v4"
Djerk Geurts
djerk at maizymoo.com
Mon Oct 30 09:10:41 UTC 2023
There are no dual stack clients as the network isn't IPv6 enabled (yet). The idea is to reduce the chatter for single stack clients.
Your right that once dual stack is enabled on parts of the network and in clients, then we'll need to be mindful of this. But, I would expect most dual stack clients to default to querying DNS using IPv6. In fact as we control the client IP addressing, we can ensure to convert DNS server settings to IPv6 when enabling dual stack.
I would not want to apply this to "public" recursors which may be used as forward servers and by clients not under our control.
Thank you for your input,
Djerk Geurts
On 30 Oct 2023, 06:26, at 06:26, Otto Moerbeek <otto at drijf.net> wrote:
>On Mon, Oct 30, 2023 at 04:35:25AM +0000, Djerk Geurts via Pdns-users
>wrote:
>
>> Hi all,
>>
>> Not had the opportunity to test this yet, but wanted to check with
>those more experienced at LUA scripting if the following has any
>unexpected side effects:
>>
>> function preresolve(dq)
>> -- Implementation of 'filter-aaaa-on-v4'
>> if dq.qtype == pdns.AAAA and dq.remoteaddr:isIPv4() then
>> dq.appliedPolicy.policyKind = pdns.policykinds.Drop
>> return false
>> else
>> return false
>> end
>> end
>>
>> I will run a test when I get the opportunity. Does anyone filter AAAA
>requests for single stack clients (IPv4 only obviously)?
>>
>> Thanks,
>> Djerk Geurts
>
>This polciy will also apply to dual stack clients that happen to
>contact the rescursor over v4 to request an AAAA. There is nothing
>wrong with that, but your policy will cause timeouts for the clients.
>So not recommended.
>
> -Otto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20231030/84504cf2/attachment.htm>
More information about the Pdns-users
mailing list