search

CZ-NIC / knot-resolver

Knot Resolver - resolve DNS names like it's 2024
https://www.knot-resolver.cz/
Other
362 stars 59 forks source link

DNS64 returns A records for AAAA queries when DNSSEC is disabled #104

Closed maxpain closed 9 months ago

maxpain commented 9 months ago

DNS64 enabled, DNSSEC enabled:

root@dns64:/etc/wireguard# dig @fd86:ea04:1115::1 google.com AAAA

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @fd86:ea04:1115::1 google.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38947
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 4 (Forged Answer): (BHD4: DNS64 synthesis)
;; QUESTION SECTION:
;google.com.            IN  AAAA

;; ANSWER SECTION:
google.com.     120 IN  AAAA    64:ff9b::adc2:4966
google.com.     120 IN  AAAA    64:ff9b::adc2:4971
google.com.     120 IN  AAAA    64:ff9b::adc2:498a
google.com.     120 IN  AAAA    64:ff9b::adc2:498b
google.com.     120 IN  AAAA    64:ff9b::adc2:4964
google.com.     120 IN  AAAA    64:ff9b::adc2:4965

;; Query time: 20 msec
;; SERVER: fd86:ea04:1115::1#53(fd86:ea04:1115::1) (UDP)
;; WHEN: Sat Feb 03 02:57:08 UTC 2024
;; MSG SIZE  rcvd: 234

DNS64 enabled, DNSSEC disabled:

root@dns64:/etc/wireguard# dig @fd86:ea04:1115::1 google.com AAAA

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> @fd86:ea04:1115::1 google.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50301
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; EDE: 4 (Forged Answer): (BHD4: DNS64 synthesis)
;; QUESTION SECTION:
;google.com.            IN  AAAA

;; ANSWER SECTION:
google.com.     76  IN  A   74.125.205.100
google.com.     76  IN  A   74.125.205.101
google.com.     76  IN  A   74.125.205.102
google.com.     76  IN  A   74.125.205.113
google.com.     76  IN  A   74.125.205.138
google.com.     76  IN  A   74.125.205.139
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd64
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd65
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd66
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd71
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd8a
google.com.     76  IN  AAAA    64:ff9b::4a7d:cd8b

;; Query time: 4 msec
;; SERVER: fd86:ea04:1115::1#53(fd86:ea04:1115::1) (UDP)
;; WHEN: Sat Feb 03 02:55:56 UTC 2024
;; MSG SIZE  rcvd: 330
vcunat commented 9 months ago

Let's close this in favor of https://gitlab.nic.cz/knot/knot-resolver/-/issues/893