[Dnsmasq-discuss] Re: Is there a way to "block" IPv6 address queries?

Simon Kelley simon@thekelleys.org.uk
Tue, 12 Apr 2005 14:13:08 +0100


Eric P. Scott wrote:
> I guess I should clarify; I'm not trying to "be kind to my DNS
> server" (although that's a nice side effect) so much as improve
> responsiveness for client machines.  Assume my connectivity to
> the public DNS is slow, congested, lossy, etc.  I want to reduce
> the several second delay on every address lookup due to misguided
> client software hoping for IPv6 reachability that isn't actually
> there.
> 
> 
>>That's negative caching. The way it's done is specified in RFC 2308 and 
>>dnsmasq supports it. The crucial thing is that there needs to be an SOA 
>>record in the authority section of the reply in order for a negative 
>>cache entry to be generated. I've noticed that recently my ISP's 
>>nameservers have stopped including an NS section. They probably think 
>>doing that will reduce the load on their nameservers. Poor fools.
> 
> 
> RFC 2308 says:
> 
>    A negative answer that resulted from a no data error (NODATA) should
>    be cached such that it can be retrieved and returned in response to
>    another query for the same <QNAME, QTYPE, QCLASS> that resulted in
>    the cached negative response.
> 
> I don't think this is working for me in 2.22.
> 
> 
<snip packet dumps showing correct SOA records.>

> 1) Is negative caching functioning as expected?
> [For AAAA queries when dnsmasq has been compiled with -DNO_IPV6]


Apologies for not spotting this first time round: negative caching for
AAAA queries will _not_ work if dnsmasq is compiled with -DNO_IPV6.

Setting that flag removes all IPv6 code, making dnsmasq compile-able
even on machines without any IPv6 support in their C library headers.
AAAA queries become "nothing special". They will be forwarded and
replies returned, just like all the other query types which dnsmasq has
no special knowledge of, but no caching will take place, positive or
negative, and IPv6 addresses in /etc/hosts will not be recognised.

> 2) Is cached NXDOMAIN information being used to its full extent?

With -DNO_IPV6, it won't be used at all for IPv6 queries.

> 3) Is it practical to--as an option--intercept IPv6 address
> lookups as previously described?

With the current code - no. I'll consider the best way to provide that 
ability.

Cheers,

Simon.
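
The RFC 2308 rule discussed in this message (a negative reply is only cacheable when the authority section carries an SOA) can be checked on a raw reply as follows. This is an added example, not code from dnsmasq or from the original post: the function names are hypothetical, the sample packet is constructed, and it assumes a single question and treats "NOERROR with no answer RR of the queried type" as NODATA.

```python
import struct
SOA, AAAA = 6, 28  # RR type codes

def skip_name(msg, off):  # offset just past the (possibly compressed) name at off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label terminates the name
            return off

def read_rrs(msg, off, count):  # -> ([(type, ttl, rdata_off, rdlen)], next_off)
    rrs = []
    for _ in range(count):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rrs.append((rtype, ttl, off + 10, rdlen))
        off += 10 + rdlen
    return rrs, off

def negative_ttl(msg):
    # RFC 2308 negative-cache TTL for a reply, or None if it must not be cached.
    _id, flags, _qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    rcode = flags & 0x000F
    off = skip_name(msg, 12)        # assumes exactly one question
    qtype, = struct.unpack_from("!H", msg, off)
    answers, off = read_rrs(msg, off + 4, an)
    authority, _ = read_rrs(msg, off, ns)
    nodata = rcode == 0 and all(rr[0] != qtype for rr in answers)
    if rcode != 3 and not nodata:
        return None                 # positive answer or a non-cacheable error
    for rtype, ttl, rd_off, rdlen in authority:
        if rtype == SOA:            # MINIMUM is the last 32-bit field of SOA RDATA
            minimum, = struct.unpack_from("!I", msg, rd_off + rdlen - 4)
            return min(ttl, minimum)
    return None                     # no SOA: nothing bounds the entry's lifetime

def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def build_reply(with_soa):  # constructed NODATA reply to AAAA www.example.test
    q = name("www.example.test") + struct.pack("!HH", AAAA, 1)
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, 0, int(with_soa), 0)
    rdata = (name("ns.example.test") + name("admin.example.test")
             + struct.pack("!5I", 1, 7200, 900, 604800, 300))
    soa = b"\xc0\x10" + struct.pack("!HHIH", SOA, 1, 3600, len(rdata)) + rdata
    return hdr + q + (soa if with_soa else b"")
```

With the constructed SOA (TTL 3600, MINIMUM 300) the negative entry would live for 300 seconds; the same reply without the SOA yields no cache entry, so every repeated AAAA lookup goes upstream again.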

