BIND9 does not allow AAAA record to be filtered
Clients in an IPv6 capable LAN get confused with external AAAA records, if the WAN uplink doesn’t support IPv6. Whenever an IPv6 client requests an address record of an external server, a locally running named will query the external DNS receiving A and AAAA records, which are forwarded to the client. Preferring IPv6, the client will try to access the external server through the IPv6 address provided with the AAAA record, which will fail if the uplink doesn’t support IPv6.
To prevent this sort of failure, named can be configured to filter AAAA records received from servers over IPv4 (see: https://kb.isc.org/article/AA-00576/0/Filter-AAAA-option-in-BIND-9-.html). Though, this requires named to be compiled with the --enable-filter-aaaa option. I’d like to ask you to add this option to the build of named.
Thanks and Kind Regards, Tiger
(from redmine: issue id 3955, created on 2015-02-27, closed on 2015-03-20)
- Changesets:
- Revision 7ee31704 by Natanael Copa on 2015-03-11T16:22:49Z:
main/bind: enable filter AAAA
ref #3955
- Revision c9eb7a7f by Natanael Copa on 2015-03-11T16:26:27Z:
main/bind: enable filter AAAA
fixes #3955
(cherry picked from commit 7ee317045943d8700870e25f7974283c0b5a12b8)
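
A `named.conf` fragment showing how the filter requested above can be switched on once named is built with `--enable-filter-aaaa`. This is an added example, not part of the original issue or of the Alpine package; the ACL name `lan_clients` and both address ranges are constructed placeholders.

```conf
// Constructed example: limit AAAA filtering to the local LAN only.
// Replace both prefixes with the real LAN ranges.
acl lan_clients {
    192.168.1.0/24;      // LAN clients that query named over IPv4
    fd00:0:0:1::/64;     // LAN clients that query named over IPv6
};

options {
    // Only clients matching this list are filtered (default: any).
    // Scoping it keeps IPv6-capable clients elsewhere from losing AAAA.
    filter-aaaa { lan_clients; };

    // Strip AAAA from answers to clients that reached named over IPv4.
    // "yes" leaves DNSSEC-signed responses untouched, so validation
    // downstream keeps working.
    filter-aaaa-on-v4 yes;

    // Same filter for clients that reached named over IPv6, which is
    // the case for an IPv6-capable LAN behind an IPv4-only uplink.
    filter-aaaa-on-v6 yes;

    // "break-dnssec" instead of "yes" also strips AAAA from signed
    // responses; validating clients will then see bogus answers.
    // filter-aaaa-on-v4 break-dnssec;
};
```

Run `named-checkconf` after editing; a build without `--enable-filter-aaaa` rejects these options, which also confirms whether the installed package carries the change.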