On 12/02/2018 17:23, Pieter Lexis wrote:
If you know the (sub) domains that need this special processing, you could simplify your life by adding them to a DNSSuffixMatchGroup[1] and if the domain name in the AAAA query is not matched in this group, send a NODATA response to let the client retry with A.
Another way to do it would be if you know the IPv6 *prefixes* of the cloud site(s) you need to reach via the tunnel. You could then filter out any AAAA responses which are not within those prefixes.
It also occurs to me that what you're asking for sounds quite similar to what DNS64 does, but backwards:
* DNS64: if AAAA query has no data then check for A record, and if it exists, embed it into AAAA response
* What you want: if AAAA query has data then check for A record, and if it exists, change AAAA response to NODATA
But it may not be straightforward to hack the PowerDNS DNS64 code to work that way.
https://doc.powerdns.com/md/recursor/dns64/

Cheers,
Brian.
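The three AAAA filtering policies discussed in this thread (suffix group, prefix filter, and "DNS64 backwards"), modelled as plain Python. This is an added example, not code from the thread or from PowerDNS; the function names, the suffix `cloud.example.` and the prefix `2001:db8:100::/48` are constructed, and an empty list stands for a NODATA answer.

```python
import ipaddress

# Constructed sample policy data (assumptions, not values from the thread).
TUNNEL_SUFFIXES = ("cloud.example.",)
TUNNEL_PREFIXES = (ipaddress.ip_network("2001:db8:100::/48"),)


def in_suffix_group(qname, suffixes=TUNNEL_SUFFIXES):
    """Label-wise suffix match: 'notcloud.example.' must not match 'cloud.example.'."""
    name = qname.lower().rstrip(".") + "."
    return any(name == s or name.endswith("." + s) for s in suffixes)


def filter_by_suffix(qname, aaaa):
    """Suffix-group policy: pass AAAA only for listed domains, else NODATA."""
    return list(aaaa) if in_suffix_group(qname) else []


def filter_by_prefix(aaaa, prefixes=TUNNEL_PREFIXES):
    """Prefix policy: keep only AAAA addresses inside the tunnel prefixes."""
    return [a for a in aaaa
            if any(ipaddress.ip_address(a) in net for net in prefixes)]


def reverse_dns64(aaaa, a_records):
    """'DNS64 backwards': AAAA has data and an A record exists -> NODATA."""
    return [] if aaaa and a_records else list(aaaa)
```

The prefix policy can leave an answer partially filtered, while the other two either pass the whole AAAA set or drop it so the client retries with A.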