TechnitiumSoftware / DnsServer

Technitium DNS Server
https://technitium.com/dns/
GNU General Public License v3.0

Feature Request: Emulating bind9 filter-aaaa #932

Closed jimbothigpen closed 1 week ago

jimbothigpen commented 1 month ago

From the description of the bind9 filter-aaaa plugin:

       filter-aaaa.so is a query plugin module for named, enabling named to omit some IPv6
       addresses when responding to clients.

       Until BIND 9.12, this feature was implemented natively in named and enabled with the
       filter-aaaa ACL and the filter-aaaa-on-v4 and filter-aaaa-on-v6 options. These options are
       now deprecated in named.conf but can be passed as parameters to the filter-aaaa.so plugin,
       for example:

          plugin query "/usr/local/lib/filter-aaaa.so" {
                  filter-aaaa-on-v4 yes;
                  filter-aaaa-on-v6 yes;
                  filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
          };

       This module is intended to aid transition from IPv4 to IPv6 by withholding IPv6 addresses
       from DNS clients which are not connected to the IPv6 Internet, when the name being looked
       up has an IPv4 address available. Use of this module is not recommended unless absolutely
       necessary.

       Note: This mechanism can erroneously cause other servers not to give AAAA records to their
       clients. If a recursing server with both IPv6 and IPv4 network connections queries an
       authoritative server using this mechanism via IPv4, it is denied AAAA records even if its
       client is using IPv6.

I currently run a bind9 resolver behind my main DNS server to filter AAAA responses for hosts that have valid A records, because my ISP does not natively support IPv6 and I have a Hurricane Electric IPv6 tunnel. The HE tunnel only supports a fraction of my total bandwidth, so I prefer my local DNS clients to only use that tunnel to communicate with hosts that only communicate via IPv6. The bind9 filter-aaaa plugin will return an AAAA record iff the queried name does not return an A record, ensuring my bandwidth is not unnecessarily throttled via the HE IPv6 tunnel.

Asked on Reddit whether or not an existing DNS app would be able to emulate this functionality, but was asked to create a feature request here.
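The filtering rule requested above (withhold AAAA only when the name also has an A record and the client matches the ACL), as an added Python example that is not part of the original thread and is neither BIND's nor Technitium's code. The class name `FilterAAAA`, the `ZONE` data and the `signed` flag (a DNSSEC-signed answer requested by the client) are assumptions made for illustration; `break-dnssec` is a value BIND accepts for these options that the quoted text does not show.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class FilterAAAA:
    on_v4: str = "no"   # "no", "yes" or "break-dnssec"
    on_v6: str = "no"
    acl: tuple = ("0.0.0.0/0", "::/0")  # clients subject to filtering

    def applies(self, client_ip, signed):
        """Decide whether AAAA may be withheld from this client."""
        addr = ipaddress.ip_address(client_ip)
        mode = self.on_v4 if addr.version == 4 else self.on_v6
        if mode == "no":
            return False
        if not any(addr in ipaddress.ip_network(net) for net in self.acl):
            return False
        # "yes" leaves DNSSEC-signed answers alone, since a validating client
        # would reject the altered response; "break-dnssec" strips anyway.
        return mode == "break-dnssec" or not signed

    def answer(self, zone, client_ip, qname, qtype, signed=False):
        """Return the rdata list the client would receive for qname/qtype."""
        rrsets = zone.get(qname, {})
        if qtype == "AAAA" and rrsets.get("A") and self.applies(client_ip, signed):
            return []  # empty answer: AAAA withheld because an A record exists
        return list(rrsets.get(qtype, []))


# Constructed sample data using documentation address ranges.
ZONE = {
    "dual.example.": {"A": ["198.51.100.10"], "AAAA": ["2001:db8::10"]},
    "v6only.example.": {"AAAA": ["2001:db8::20"]},
}

# ACL and on-v4/on-v6 settings taken from the plugin example quoted above.
CFG = FilterAAAA(on_v4="yes", on_v6="yes",
                 acl=("192.0.2.1/32", "2001:db8:2::1/128"))

if __name__ == "__main__":
    for name in ZONE:
        print(name, "AAAA ->", CFG.answer(ZONE, "192.0.2.1", name, "AAAA"))
```
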

ShreyasZare commented 1 month ago

Thanks for the request. Will get this added in the upcoming update.

ShreyasZare commented 1 week ago

Technitium DNS Server v12.2.1 is now available, which adds the Filter AAAA DNS App. Do update and let me know your feedback.

jimbothigpen commented 1 week ago

Fantastic, works as expected. No more need for a bind9 resolver to sit between technitium and my upstream dns. Configuration is simple and straightforward.

ShreyasZare commented 1 week ago

Thanks for the feedback!