Good morning everyone,
we have peculiar request to solve and were wondering whether it is at all possible with bind: a) For a certain source range, let's say 2001:db8::/96, we want to *only* reply with generated DNS64 entries - i.e. we want bind to only reply with mapped IPv4 addresses, NOT with proper AAAA entries, if they exist. b) For a different source range, let's say 2001:db:1::/64, we want to reply only with *proper* IPv6 AAAA entries, i.e. disable DNS64 for them. c) (optional) In the best case, we would even like to remove A replies from the results, in case a misconfigured client requests A records. Background for this is that we have clients in specific networks, which are mapped via SIIT to IPv4 addresses. These clients should never connect to an IPv6 address (besides they actually do...) after translation. And the clients in the other network should behave the opposite, they should *only* connect to IPv6 hosts. However, both client networks are IPv6 only, as there is no IPv4 link into these networks, so we are dealing with NAT64/SIIT. And unfortunately we don't have a lot of control over the client behaviour, whether they will ask for A/AAAA entries, so we will need to steer them on the DNS side. Looking forward to your replies. Best regards, Nico -- Sustainable, Modern Infrastructures by ungleich.ch _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users