Apologies all, I missed an Event Viewer entry:
"C:\Program Files\ISC BIND 9\etc\named.conf:19: option
'filter-aaaa-on-v4' was not enabled at compile time"
So it appears I DO have to recompile...
As to why I like this feature..... *sigh* I have a gigabit fiber AT&T
business connection with a Cisco 1921 that I configure for remote access
IKEv2 IPsec. AT&T has not enabled IPv6 at the moment for my connection
(and even if they had, they currently use a pretty awful 6rd setup that
tunnels v6 traffic and limits it to ~40-60mbps). When I connect to the
VPN from a client location that has dual-stack (such as my Android phone
on Verizon), the VPN SA is made for the v4 address but not the v6
address. Android, it seems, has a bit of a broken split tunneling
implementation, and it appears that when my v4-only VPN is connected,
outgoing traffic to v6 destinations is simply dropped, and crucially the
v4 address is never tried. The net effect is I am unable to access any
website that has enabled v6, or attempt to otherwise access any resource
that is discovered via an AAAA DNS record.
If I could root my phone, I would just disable IPv6 on the phone, but I
can't do that at the moment. So this solution currently works best; the
phone only gets A records returned for all DNS lookups, and thus only
tries to connect to IPv4 addresses. It's a horrible kludge for my
specific situation that I hope will change soon :)
Thanks!
On 8/30/2017 8:50 AM, Mark Andrews wrote:
In message <20170830112841.gk2...@harrier.slackbuilds.org>, /dev/rob0 writes:
On Tue, Aug 29, 2017 at 02:12:43PM -0500, pLAN9 wrote:
I have downloaded the latest 9.11.2 BIND running on Windows 10 and
have set up a successful caching-only server. When I try to add
"filter-aaaa-on-v4 yes" to the global "options" section of
named.conf, the Windows BIND service fails to start, with an event
viewer log entry stating a "Parsing error" on the line containing
the filter statement.
I suspect you have a syntax error, or maybe non-ASCII characters
in your named.conf.
Agreed. You should get a log message about it not being configured.
Does this mean I will have to manually compile BIND on Windows
for this option to work?
There is no specific compile flag to enable that feature, so no.
It's conditionally compiled (--enable-filter-aaaa).
#ifdef ALLOW_FILTER_AAAA
        { "filter-aaaa", &cfg_type_bracketed_aml, 0 },
        { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 },
        { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 },
#else
        { "filter-aaaa", &cfg_type_bracketed_aml,
          CFG_CLAUSEFLAG_NOTCONFIGURED },
        { "filter-aaaa-on-v4", &cfg_type_filter_aaaa,
          CFG_CLAUSEFLAG_NOTCONFIGURED },
        { "filter-aaaa-on-v6", &cfg_type_filter_aaaa,
          CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif
I assume that I don't need a full version of Visual Studio
to compile, the free "Community" edition of VS 2017 will work?
I think the Knowledge Base has an article on compiling BIND for
Windows. But again, I doubt that could be the problem.
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users