On 12/02/2018 17:23, Pieter Lexis wrote:
If you know the (sub) domains that need this special processing, you
could simplify your life by adding them to a DNSSuffixMatchGroup and
if the domain name in the AAAA query is not matched in this group, send
a NODATA response to let the client retry with A.

Another way to do it would be if you know the IPv6 *prefixes* of the
cloud site(s) you need to reach via the tunnel. You could then filter
out any AAAA responses which are not within those prefixes.

It also occurs to me that what you're asking for sounds quite similar to
what DNS64 does, but backwards:

* DNS64: if AAAA query has no data then check for A record, and if it
  exists, embed it into AAAA response
* What you want: if AAAA query has data then check for A record, and if
  it exists, change AAAA response to NODATA

But it may not be straightforward to hack the powerdns DNS64 code to
work that way.
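
The three policies discussed in this message, modelled side by side as an added Python example (it is not PowerDNS code and not part of the original thread). The suffix, prefix and address values are constructed, and `answer_aaaa` and its mode names are hypothetical.

```python
import ipaddress

# Constructed policy values (assumptions, not taken from the thread).
TUNNEL_SUFFIXES = ("cloud.example.",)
TUNNEL_PREFIXES = [ipaddress.ip_network("2001:db8:100::/48")]


def suffix_match(qname, suffixes=TUNNEL_SUFFIXES):
    """Label-aligned suffix match: 'notcloud.example' must not match 'cloud.example'."""
    name = qname.lower().rstrip(".") + "."
    return any(name == s or name.endswith("." + s) for s in suffixes)


def filter_by_prefix(aaaa_records, prefixes=TUNNEL_PREFIXES):
    """Keep only the AAAA addresses that fall inside the tunnel prefixes."""
    return [a for a in aaaa_records
            if any(ipaddress.ip_address(a) in p for p in prefixes)]


def answer_aaaa(qname, aaaa_records, a_records, mode):
    """Return the AAAA rrset handed to the client; [] stands for NODATA."""
    if mode == "suffix":
        # Only names in the suffix group keep their AAAA answer.
        return list(aaaa_records) if suffix_match(qname) else []
    if mode == "prefix":
        # Drop every AAAA address outside the tunnel prefixes.
        return filter_by_prefix(aaaa_records)
    if mode == "reverse-dns64":
        # AAAA has data and an A record exists: answer NODATA so the client
        # retries with A. A name with no A record keeps its AAAA answer.
        return [] if (aaaa_records and a_records) else list(aaaa_records)
    raise ValueError("unknown mode: %s" % mode)


if __name__ == "__main__":
    # Constructed sample: an IPv6-only name outside the tunnel.
    for mode in ("suffix", "prefix", "reverse-dns64"):
        print(mode, answer_aaaa("v6only.example", ["2001:db8:ffff::1"], [], mode))
```

Of the three, only the reverse-DNS64 policy leaves an IPv6-only name outside the tunnel resolvable, because it turns AAAA into NODATA only when an A record exists to fall back to.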