[Dnsmasq-discuss] extend filter-A to filter specific domains
Peter Tirsek
peter at tirsek.com
Thu Jan 5 04:48:20 UTC 2023
On Wed, 4 Jan 2023, Olaf Hering wrote:
> ignore AAAA responses for a specific domain during DNS lookup. This
> allows it to continue with IPv6 for other connections, and use IPv4
> only for such DNS domains.
>
> Unfortunately dnsmasq apparently lacks such feature.
Hi everyone, new subscriber here. :-)

What a coincidence: I have had the same need for quite a while, and
tonight I decided to finally sit down and implement it.

I use an IPv6 tunnel from HE.net -- or rather, I used to, because it's
currently causing problems with Netflix, among other things. A few
years ago (?), Netflix decided to block tunneled IPv6 connections
because they could be used to circumvent their geoblocking. I used to
get around the problem by blocking IPv6 connections to Netflix'
networks, thus forcing the clients to connect using IPv4, but these
days Netflix also use AWS and such, and the list of networks to block
is starting to affect other services, so it's no longer a particularly
good solution. I initially installed dnsmasq in the hope that it could
fix the problem by blocking IPv6 DNS while allowing IPv4 through as
normal, but just like you've experienced, I've been unable to find a
combination of options that do just that.

I think I have a patch that allows dnsmasq to do this. I've implemented
it as an extension to the --address option, similar to how you can use
--address=/domain.com/# to respond with the all-zeroes address, I
suggest using --address=/domain.com/!6 to block AAAA queries, or .../!4
to block A queries for the specified domain name(s). Dnsmasq will then
respond with NXDOMAIN for the requested records.

I'm not 100% happy with the patch, but I hope to be able to submit it
tomorrow to get some suggestions and feedback.

--
Peter Tirsek
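
A small model of the rule syntax suggested in the message above, added here as an illustration; it is not the patch and not dnsmasq code. The helper names and the example.com / example.net domains are made up, and matching of subdomains is assumed to follow the existing --address behaviour.

```python
# Added illustration: models the rule syntax proposed in the message above.
# It is not dnsmasq code; parse_rule(), matches() and answer() are
# hypothetical helpers written for this example only.

FILTERS = {"!4": "A", "!6": "AAAA"}   # proposed suffix -> blocked query type


def parse_rule(option):
    """Parse '/dom1/dom2/!6' (the value given to --address=) into (domains, qtype)."""
    parts = option.split("/")
    # A filter rule splits into ['', 'dom1', ..., '!4' or '!6'].
    if len(parts) < 3 or parts[0] != "" or parts[-1] not in FILTERS:
        raise ValueError(f"not a filter rule: {option!r}")
    domains = [d.lower().rstrip(".") for d in parts[1:-1]]
    if not all(domains):
        raise ValueError(f"empty domain in rule: {option!r}")
    return domains, FILTERS[parts[-1]]


def matches(qname, domain):
    """True if qname is the domain itself or a subdomain (label boundary only)."""
    qname = qname.lower().rstrip(".")
    return qname == domain or qname.endswith("." + domain)


def answer(rules, qname, qtype):
    """Return 'NXDOMAIN' if a rule blocks this query, otherwise 'FORWARD'."""
    for option in rules:
        domains, blocked = parse_rule(option)
        if qtype == blocked and any(matches(qname, d) for d in domains):
            return "NXDOMAIN"
    return "FORWARD"


# Constructed sample rules and queries (placeholder domains).
RULES = ["/example.com/!6", "/example.net/!4"]

if __name__ == "__main__":
    for qname, qtype in [("www.example.com", "AAAA"), ("www.example.com", "A"),
                         ("notexample.com", "AAAA"), ("example.net.", "A")]:
        print(f"{qname:18} {qtype:5} -> {answer(RULES, qname, qtype)}")
```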