Dear Pieter, Thanks a lot! You were super helpful!
Best, Radek -- Radoslaw Kamil Ejsmont, Ph.D. http://radoslaw.ejsmont.net <http://radoslaw.ejsmont.net/> > On 12 Feb 2018, at 18:23, Pieter Lexis <pieter.le...@powerdns.com> wrote: > > Hi Radosław, > > Pushing this back to the mailing-list, please send further replies there > as well. > > On Mon, 12 Feb 2018 18:00:43 +0100 > Radosław Ejsmont <rados...@ejsmont.net> wrote: > >>> On 12 Feb 2018, at 17:43, Pieter Lexis <pieter.le...@powerdns.com> wrote: >>> >>> On Mon, 12 Feb 2018 11:32:11 +0100 >>> Radoslaw Kamil Ejsmont <rados...@ejsmont.net> wrote: >>> >>>> My goal is to successfully resolve AAAA only for hosts that are IPv6 only >>>> and serve A only to dual-stack hosts. >>> >>> To be honest, your goal makes no sense from a networking perspective. >>> When you dual-stack some hosts, your IPv6 network should be up for it. >>> Faking IPv6 unavailability is a bad 'migration' strategy. It will also >>> break dual-stack hosts that do DNSSEC validation. >> >> DNSSEC is blocked by provider anyway. They do not provide it through their >> servers and block use on any other DNS servers anyway. I wish I could use >> full dual-stack but with terribly slow tunnel that gives any IPv6 >> connectivity and a need to connect to IPv6-only hosts (cloud servers) while >> retaining good performance (bandwidth-wise) of the network (streaming for >> example) I am running out of options here :( and there is literally no >> provider that could wire me up to native v6 around :( > > Ouch, that is painful! I was under the impression that these things did > not happen anymore in the wild. > > If you known the (sub) domains that need this special processing, you > could simplify your life by adding them to a DNSSuffixMatchGroup[1] and > if the domain name in the AAAA query is not matched in this group, send > a NODATA response to let the client retry with A. > > This solution would be more cleaner than a blanket 'do another lookup > to see if I like the answer'. > >>> If you really want to continue on this path, I recommend getting a Lua >>> DNS library and doing an A query and see if you like the answer >>> before returning something to the client. In the current Lua >>> infrastructure in the Recursor, there is no way to re-inject a query >>> into the recursor from Lua. >> >> Did not know pdns Lua interpreter supports external libraries! How do you >> load them? > > Just like any other Lua module, install the rock and use `require`[2] > > Best regards, > > Pieter > > 1 - > https://doc.powerdns.com/recursor/lua-scripting/dnsname.html#dns-suffix-match-groups > 2 - http://lua-users.org/wiki/ModulesTutorial > > > -- > Pieter Lexis > PowerDNS.COM BV -- https://www.powerdns.com
_______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users