[Dnsmasq-discuss] address option doesn't work correctly if the target domain is a cname

[Анна Тихомирова]

18.04.2022 16:38, Simon Kelley пишет:
> What's not obvious is what to do about it: In versions before 2.86, 
> this wouldn't be a problem, because
>
> address=/api.ott.kinopoisk.ru/::
>
> would stop any queries for api.ott.kinopoisk.ru, including the IPv4 
> query, being sent upstream. That means the an A query (or any other 
> query) would return NODATA, and an AAAA query would return ::, which 
> is all consistent.

Not quite true.

1) In versions before 2.86 I used the following syntax to achieve the 
same behaviour:

server=/domain.com/#
address=/domain.com/::

This way AAAA query returned :: and A query was forwarded to upstream 
servers (and this is exactly what I want - to block AAAA for specific 
domains)

And this configuration had the same issue with CNAME. If domain.com is a 
CNAME to someotherdomain.com, after making a query to 
someotherdomain.com, queries to domain.com returns upstream AAAA record 
instead of ::

2) Since 2.86 for some reason this config doesn't work:

server=/domain.com/#
address=/domain.com/::

The AAAA query return ::, but A query return NODATA, ignoring the server 
directive.

3) But if I throw away server=/domain.com/# this works as expected - 
AAAA query returns :: and A query is forwarded to upstream servers

address=/domain.com/::


Anyway, if you do any changes please do not break the possibility to 
send :: AAAA for specific domains while forwarding A queries to upstream 
servers.

filter-AAAA is not a solution because I want to prevent IPv6 resolution 
only for specific domains.