[Dnsmasq-discuss] stop-dns-rebind and IPv6

dnsmasq at flyingout.name
Tue Aug 31 22:28:57 BST 2010


Hey all,

I've searched the list, man, conf, etc. and didn't find anything on
this.

I've been testing the rebinding protection and thought it was working
until I hit it with a little dns testing tool over at grc.com. Some
browsers issue A and AAAA queries and it appears dnsmasq is only
blocking the A records. So, for example, if I point to my router via one
of the grc generated urls in Firefox (OS X and Ubuntu), it gets there
despite dnsmasq blocking the A record.

Is there a way to block the AAAA records as well?

dig net10.grctech.com A

; <<>> DiG 9.6.0-APPLE-P2 <<>> net10.grctech.com A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57692
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;net10.grctech.com.             IN      A

;; Query time: 22 msec


good, but:

dig net10.grctech.com AAAA

; <<>> DiG 9.6.0-APPLE-P2 <<>> net10.grctech.com AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19161
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;net10.grctech.com.             IN      AAAA

;; ANSWER SECTION:
net10.grctech.com.      599819  IN      AAAA    ::ffff:10.0.0.1

;; Query time: 18 msec

Thanks,
Paul


-- 
Paul Ediger
     paul at ediger.name
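
An added example, not part of the original post and not dnsmasq code: a Python check that treats an IPv4-mapped AAAA answer such as `::ffff:10.0.0.1` the same as the A record it wraps, so both record types are filtered. The function names, the set of ranges treated as local, and every sample line except the first (taken from the dig output above) are assumptions made for the illustration.

```python
import ipaddress

def unwrap(addr):
    """Return the IPv4 address embedded in an IPv4-mapped IPv6 address, else addr."""
    if addr.version == 6 and addr.ipv4_mapped is not None:   # ::ffff:a.b.c.d
        return addr.ipv4_mapped
    return addr

def is_rebind_suspect(text):
    """True if an A/AAAA rdata string points at a local or private address."""
    addr = unwrap(ipaddress.ip_address(text))
    # Assumed policy: private, loopback, link-local and unspecified are local.
    return (addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_unspecified)

def filter_answers(lines):
    """Split dig-style answer lines into (kept, dropped) by record address."""
    kept, dropped = [], []
    for line in lines:
        fields = line.split()
        # Expected layout: name ttl class type rdata
        if len(fields) != 5 or fields[3] not in ("A", "AAAA"):
            kept.append(line)   # not an address record; out of scope here
            continue
        (dropped if is_rebind_suspect(fields[4]) else kept).append(line)
    return kept, dropped

# First line is the AAAA answer from the post; the rest are constructed samples.
SAMPLE = [
    "net10.grctech.com.      599819  IN      AAAA    ::ffff:10.0.0.1",
    "a.example.              300     IN      A       10.0.0.1",
    "b.example.              300     IN      AAAA    fd12:3456:789a::1",
    "c.example.              300     IN      AAAA    ::ffff:93.184.216.34",
    "d.example.              300     IN      A       93.184.216.34",
]

if __name__ == "__main__":
    kept, dropped = filter_answers(SAMPLE)
    for line in dropped:
        print("DROP", line)
    for line in kept:
        print("KEEP", line)
```
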