<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Trey,<br>
</p>
<p>Are there any specific applications requiring this patch? It
seems to me most of work should be spent on applications not
handling IPv4 addresses correctly. Also, I would implement
filtering of both address families if it is required.</p>
<p>Are there specific applications, where we can help escalate the
problem on their side instead? As you have already said, when they
ask for A address, they should receive one. Whether it is useful
or not, clients should be able to process it. And skipping to IPv6
in case of no IPv4 connectivity should be immediate. We lack full
IPv6 connectivity at office, so far I know only svn is not able to
switch to IPv4 only. Which is solved by switching to git.
Filtering of AAAA record would have solved it too.<br>
</p>
<p>Do you have examples of applications, where this change would
help?</p>
<p>Cheers,</p>
<p>Petr<br>
</p>
<div class="moz-cite-prefix">On 6/16/21 1:26 PM, Trey Sis wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8d044797-7f63-dbc6-6299-f4b38b904640@gmx.net">On
6/14/2021 1:43, Trey Sis wrote:
<br>
<blockquote type="cite">On 6/13/2021 22:01, Geert Stappers via
Dnsmasq-discuss wrote:
<br>
<blockquote type="cite">On Wed, Jun 09, 2021 at 02:13:34PM
+0200, Trey Sis wrote:
<br>
<blockquote type="cite">Dropping the patch file as attachment.
<br>
From 57c7fcb0b3caccae7376f71ab1a9ae74f0e7f6d9 Mon Sep 17
00:00:00 2001
<br>
From: treysis <a class="moz-txt-link-rfc2396E" href="mailto:treysis@gmx.net"><treysis@gmx.net></a>
<br>
Date: Sat, 5 Jun 2021 15:27:26 +0200
<br>
Subject: [PATCH] Add option to filter A record requests
<br>
<br>
</blockquote>
[1]
<br>
<br>
<br>
<blockquote type="cite">---
<br>
src/dnsmasq.h | 3 ++-
<br>
src/option.c | 3 +++
<br>
src/rfc1035.c | 11 +++++++++++
<br>
3 files changed, 16 insertions(+), 1 deletion(-)
<br>
<br>
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
<br>
index b27737b..2fec7d1 100644
<br>
--- a/src/dnsmasq.h
<br>
+++ b/src/dnsmasq.h
<br>
@@ -272,7 +272,8 @@ struct event_desc {
<br>
#define OPT_LOG_DEBUG 62
<br>
#define OPT_UMBRELLA 63
<br>
#define OPT_UMBRELLA_DEVID 64
<br>
-#define OPT_LAST 65
<br>
+#define OPT_FILTER_A 65
<br>
+#define OPT_LAST 66
<br>
<br>
#define OPTION_BITS (sizeof(unsigned int)*8)
<br>
#define OPTION_SIZE (
<br>
(OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
<br>
diff --git a/src/option.c b/src/option.c
<br>
index cacfaa6..43dc3cb 100644
<br>
--- a/src/option.c
<br>
+++ b/src/option.c
<br>
@@ -171,6 +171,7 @@ struct myoption {
<br>
#define LOPT_DYNHOST 362
<br>
#define LOPT_LOG_DEBUG 363
<br>
#define LOPT_UMBRELLA 364
<br>
+#define LOPT_FILTER_A 365
<br>
<br>
#ifdef HAVE_GETOPT_LONG
<br>
static const struct option opts[] =
<br>
@@ -347,6 +348,7 @@ static const struct myoption opts[] =
<br>
{ "dynamic-host", 1, 0, LOPT_DYNHOST },
<br>
{ "log-debug", 0, 0, LOPT_LOG_DEBUG },
<br>
{ "umbrella", 2, 0, LOPT_UMBRELLA },
<br>
+ { "filter-a", 0, 0, LOPT_FILTER_A },
<br>
{ NULL, 0, 0, 0 }
<br>
};
<br>
<br>
@@ -530,6 +532,7 @@ static struct {
<br>
{ LOPT_DUMPMASK, ARG_ONE, "<hex>",
gettext_noop("Mask which
<br>
packets to dump"), NULL },
<br>
{ LOPT_SCRIPT_TIME, OPT_LEASE_RENEW, NULL,
gettext_noop("Call
<br>
dhcp-script when lease expiry changes."), NULL },
<br>
{ LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]",
gettext_noop("Send
<br>
Cisco Umbrella identifiers including remote IP."), NULL },
<br>
+ { LOPT_FILTER_A, OPT_FILTER_A, NULL, gettext_noop("Filter
all A
<br>
requests."), NULL },
<br>
{ 0, 0, NULL, NULL, NULL }
<br>
};
<br>
<br>
diff --git a/src/rfc1035.c b/src/rfc1035.c
<br>
index 9bc5ef2..1043773 100644
<br>
--- a/src/rfc1035.c
<br>
+++ b/src/rfc1035.c
<br>
@@ -1843,6 +1843,17 @@ size_t answer_request(struct
dns_header
<br>
*header, char *limit, size_t qlen,
<br>
}
<br>
}
<br>
<br>
+ /* filter A forwards */
<br>
+ if (qtype == T_A && option_bool(OPT_FILTER_A))
<br>
+ {
<br>
+ /* return a null reply */
<br>
+ ans = 1;
<br>
+ if (!dryrun)
<br>
+ log_query(F_CONFIG | F_IPV6 | F_NEG, name,
&addr, NULL);
<br>
+ break;
<br>
+ }
<br>
+ /* end of filtering A */
<br>
+
<br>
if (!ans)
<br>
return 0; /* failed to answer a question */
<br>
}
<br>
</blockquote>
<br>
<br>
/home/stappers/src/dnsmasq/.git/rebase-apply/patch:62:
trailing
<br>
whitespace.
<br>
if (!dryrun)
<br>
warning: 1 line adds whitespace errors.
<br>
</blockquote>
<br>
My bad! Fixed. Find the new patch attached to this message.
<br>
<br>
<br>
<br>
_______________________________________________
<br>
Dnsmasq-discuss mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a>
<br>
<a class="moz-txt-link-freetext" href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>
<br>
</blockquote>
<br>
Hello everyone,
<br>
<br>
I was wondering if anyone has any suggestions or objections for
the patch?
<br>
<br>
I still think it would be very valuable for many setups out there
to
<br>
drop A records. Most OS don't query for AAAA if there is no IPv6
<br>
connection. But none don't query for A if there is no IPv4. That
often
<br>
causes problems with applications that did not (yet) implement
happy
<br>
eyeballs. Getting this upstream would make it much easier to
handle
<br>
IPv6-only environments.
<br>
<br>
What do you think?
<br>
<br>
Regards,
<br>
<br>
Treysis
<br>
<br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Dnsmasq-discuss mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk">Dnsmasq-discuss@lists.thekelleys.org.uk</a>
<a class="moz-txt-link-freetext" href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Petr Menšík
Software Engineer
Red Hat, <a class="moz-txt-link-freetext" href="http://www.redhat.com/">http://www.redhat.com/</a>
email: <a class="moz-txt-link-abbreviated" href="mailto:pemensik@redhat.com">pemensik@redhat.com</a>
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</pre>
</body>
</html>