DNSCrypt / dnscrypt-proxy

dnscrypt-proxy 2 - A flexible DNS proxy, with support for encrypted DNS protocols.
https://dnscrypt.info
ISC License

Dnscrypt can block_ipv6 with "response" what about drop_ipv6 for stealth? #401

Closed ravenise closed 6 years ago

ravenise commented 6 years ago

**Filters**

Immediately respond to IPv6-related queries with an empty response. This makes things faster when there is no IPv6 connectivity, but can also cause reliability issues with some stub resolvers. In particular, enabling this on macOS is not recommended.

`block_ipv6 = true`

Is it currently possible to drop IPv6 entirely for better security and more stealth? If so, can you please add it? That would be a great feature if not already inbuilt and not totally redundant (I have no idea) :)

jedisct1 commented 6 years ago

Blocking IPv6 traffic is a system setting. Namely, don't configure any IPv6 address on your system (even via automatic configuration).

At DNS level, which is what dnscrypt-proxy is about, the best we can do is respond to queries for IPv6 addresses with "there are no IPv6 addresses". Which is what block_ipv6 already does :)
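An added illustration of the DNS-level behaviour described in the comment above; it is not part of the comment and not dnscrypt-proxy's own code. It answers a AAAA query with a NOERROR reply carrying zero records and leaves every other query type for normal forwarding; the function names and the sample query bytes are constructed for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const typeAAAA = 28 // QTYPE for IPv6 address records

// EmptyAAAAResponse returns a NOERROR reply with zero answers when the query
// asks for AAAA; handled is false for every other type (forward as usual).
func EmptyAAAAResponse(q []byte) (resp []byte, handled bool, err error) {
	if len(q) < 12 || q[2]&0x80 != 0 || binary.BigEndian.Uint16(q[4:6]) != 1 {
		return nil, false, errors.New("not a single-question DNS query")
	}
	i := 12
	for i < len(q) && q[i] != 0 { // walk the QNAME labels
		if q[i]&0xC0 != 0 {
			return nil, false, errors.New("compressed or invalid label")
		}
		i += 1 + int(q[i])
	}
	if i+5 > len(q) { // root label + QTYPE + QCLASS must fit
		return nil, false, errors.New("truncated question")
	}
	if binary.BigEndian.Uint16(q[i+1:i+3]) != typeAAAA {
		return nil, false, nil
	}
	resp = append([]byte(nil), q[:i+5]...) // header + question, drop any EDNS
	resp[2] = 0x80 | q[2]&0x79             // QR=1, keep opcode and RD
	resp[3] = 0x80                         // RA=1, RCODE=0 (NOERROR)
	copy(resp[6:12], make([]byte, 6))      // ANCOUNT=NSCOUNT=ARCOUNT=0
	return resp, true, nil
}

// sampleQuery is constructed test input: ID 0x1234, RD=1, "example.com" IN.
func sampleQuery(qtype uint16) []byte {
	q := []byte{0x12, 0x34, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
		7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0}
	return append(q, byte(qtype>>8), byte(qtype), 0, 1)
}

func main() {
	for _, t := range []uint16{1, typeAAAA} {
		resp, handled, err := EmptyAAAAResponse(sampleQuery(t))
		fmt.Printf("qtype=%d handled=%v err=%v resp=% x\n", t, handled, err, resp)
	}
}
```

This only changes what the resolver says about names; traffic to IPv6 addresses obtained some other way is unaffected, which is why blocking IPv6 itself remains a system setting.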

ravenise commented 6 years ago

Thank you for your response, jedi. OK, thank you for clearing that up. Makes sense, as in AsusWRT / Merlin, AI Protection queries and other queries involve IPv6, and no matter what system-wide setting is set to block IPv6, blocking in dnscrypt was the only method which prevented IPv6 DNS queries from completing. Glad to know it's all good, thank you!