If you know the (sub)domains that need this special processing, you
could simplify your life by adding them to a DNSSuffixMatchGroup[1] and,
if the domain name in the AAAA query is not matched in this group, send
a NODATA response to let the client retry with A.

Another way to do it would be if you know the IPv6 *prefixes* of the cloud site(s) you need to reach via the tunnel.  You could then filter out any AAAA responses which are not within those prefixes.

It also occurs to me that what you're asking for sounds quite similar to what DNS64 does, but backwards:

* DNS64: if AAAA query has no data then check for A record, and if it exists, embed it into AAAA response

* What you want: if AAAA query has data then check for A record, and if it exists, change AAAA response to NODATA

But it may not be straightforward to hack the powerdns DNS64 code to work that way.
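The first two suggestions above, as an added example that is not part of the original post: a `postresolve()` hook for the PowerDNS Recursor Lua scripting interface that combines both ideas, the DNSSuffixMatchGroup check on the query name and the prefix filter on the returned addresses. The domain names and the IPv6 prefixes are placeholders (assumed values, not taken from the thread); the recursor API calls used (`newDS()`, `newNMG()`, `newCA()`, `dq:getRecords()`, `dq:setRecords()`) are the documented Recursor Lua functions as I know them. Either check can be removed on its own if only one of the two approaches is wanted.

```lua
-- Added example, not from the original post.  Loaded via
-- lua-dns-script=/path/to/this.lua in recursor.conf (path is a placeholder).

-- Idea 1: names under these suffixes may receive AAAA answers.
-- Placeholder domains; replace with the real tunnel-reachable zones.
local v6_domains = newDS()
v6_domains:add({"cloud.example.com", "internal.example.net"})

-- Idea 2: only addresses inside these prefixes are reachable via the tunnel.
-- Placeholder prefixes; replace with the cloud site's real allocations.
local tunnel_prefixes = newNMG()
tunnel_prefixes:addMask("2001:db8:1::/48")
tunnel_prefixes:addMask("2001:db8:2::/48")

-- Decide whether one AAAA record from the answer should survive.
local function aaaa_allowed(qname, rec)
  -- Query name must be in the suffix group...
  if not v6_domains:check(qname) then
    return false
  end
  -- ...and the address itself must fall inside a tunnel prefix.
  -- rec:getContent() is the textual address; newCA() parses it.
  return tunnel_prefixes:match(newCA(rec:getContent()))
end

function postresolve(dq)
  -- Only AAAA questions are of interest; everything else passes untouched.
  if dq.qtype ~= pdns.AAAA then
    return false
  end

  local kept = {}
  local dropped = 0
  for _, rec in ipairs(dq:getRecords()) do
    if rec.type == pdns.AAAA then
      if aaaa_allowed(dq.qname, rec) then
        table.insert(kept, rec)
      else
        dropped = dropped + 1
      end
    else
      -- CNAME chain members and other records are left alone.
      table.insert(kept, rec)
    end
  end

  if dropped == 0 then
    return false          -- nothing changed, let the answer through as-is
  end

  -- Replace the answer.  If no AAAA survived the client sees NOERROR with an
  -- empty answer section (NODATA) and falls back to an A query.
  dq:setRecords(kept)
  -- Keep the rewritten answer out of the packet cache so the policy is
  -- re-evaluated on every query rather than frozen for the TTL.
  dq.variable = true
  return true
end
```

One caveat worth knowing before deploying this: the NODATA answer produced this way carries no SOA in the authority section, so resolvers downstream of this recursor cannot negatively cache it and will keep asking; for a single recursor serving end hosts directly that is harmless.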
