I need to suppress ipv6 DNS for Netflix because otherwise they 'wrongly' assume my ipv6 tunnel is a VPN.
And I have a config for that looking something like this (in a config file in /usr/local/etc/dnsmasq.conf.d): server=/netflix.com/# address=/netflix.com/ <http://netflix.com/#address=/netflix.com/>:: server=/netflix.net/# address=/netflix.net/ <http://netflix.net/#address=/netflix.net/>:: server=/nflxext.com/# address=/nflxext.com/ <http://nflxext.com/#address=/nflxext.com/>:: server=/nflximg.net/# address=/nflximg.net/ <http://nflximg.net/#address=/nflximg.net/>:: server=/nflxvideo.net/# address=/nflxvideo.net/ <http://nflxvideo.net/#address=/nflxvideo.net/>:: server=/nflxso.net/# address=/nflxso.net/ <http://nflxso.net/#address=/nflxso.net/>:: And then start dnsmasq with all these options: --all-servers --rebind-localhost-ok --stop-dns-rebind -H /var/etc/dnsmasq-hosts --server=/foo.network/192.168.1.1 --rebind-domain-ok=/foo.network/ --dnssec --trust-anchor=XYZ --trust-anchor=XYZ --dns-forward-max=5000 --cache-size=10000 --local-ttl=1 --conf-dir=/usr/local/etc/dnsmasq.conf.d,*.conf With 2.85 this worked as expected and suppressed the AAAA records for the Netflix domains. According to the changelog from 2.86: > Major rewrite of the DNS server and domain handling code. And with this version it started to work sometimes and sometimes not. I couldn't pinpoint yet when it works and when not. (I tested on FreeBSD with the port https://www.freshports.org/dns/dnsmasq) (which has already a few bug fixes back-ported from git) Am I holding dnsmasq wrong or is this a regression? kind regards l33tname
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
