Skip to content

Latest commit

 

History

History
53 lines (36 loc) · 2.46 KB

README.md

File metadata and controls

53 lines (36 loc) · 2.46 KB

Filter AAAA

The Filter AAAA app allows filtering AAAA records by returning NODATA responses when A records for the same domain name are available. This allows clients with dual-stack (IPv4 and IPv6) internet connections to prefer using IPv4 to connect to websites and use IPv6 only when a website has no IPv4 support.

The app is a post processor. That means, it modifies a response generated by the DNS server before it is sent to the client.

Configuration

As any post processor, this app is configured globally in the app settings. Its configuration file is a JSON document which looks like the following:

{
  "enableFilterAaaa": true,
  "defaultTtl": 30,
  "bypassLocalZones": false,
  "bypassNetworks": [
    "192.168.1.0/24"
  ],
  "bypassDomains": [
    "example.com"
  ],
  "filterDomains": [
  ]
}

The individual settings are:

  • enableFilterAaaa: when set to false, this app is disabled and passes through the original response.

  • defaultTtl: The default TTL (seconds) to use for the response. This will be used by clients to cache negative response.

  • bypassLocalZones: when set to true, authoritative answers are passed through unmodified.

  • bypassNetworks: a list of networks. If a request originates from a client in any of the specified networks, the original response is passed through unmodified.

  • bypassDomains a list of domain names. If a request is for a domain in this list, the original response is passed through unmodified. This includes subdomains of the domains in bypassDomains, i.e. example.com also matches subdomain.example.com.

  • filterDomains a list of domain names. If the list of filtered domain names is specified then the app will filter AAAA responses only for the specified domain names and their subdomain names. When the list is empty then the app will filter AAAA responses for all domain names.

Post-processing

The app processes any response which matches all of the following criteria:

  • the response has a NoError response code
  • the query type is AAAA
  • the response contains at least one AAAA record
  • the request / response pair is not excluded by any configuration setting
  • a lookup for an up A record for the same domain is successful and returns an address

Note that this means that NXDOMAIN, SERVFAIL, and NODATA responses are left unmodified.

The matching responses are replaced by one which includes all the CNAME records from the original response and a SOA record, but no AAAA record.