Disabling A records for IPv6?
marka at isc.org
Fri Dec 28 22:06:12 UTC 2012
Truly, one should be fixing the applications not mucking with DNS responses. DNS servers do not know the purpose of the A record lookup so changing it in the server may break other applications. Additionally doing this will break applications using DNSSEC.
There is no good reason to be IPv6 only in production yet. Now is the time to be testing and getting things fixed not introducing kludges like this. Complain to the vendor if the application does "stupid shit". That way they know they need to fix their products.
On 29/12/2012, at 8:27, Robin Lee Powell <rlpowell at cytobank.org> wrote:
> On Fri, Dec 28, 2012 at 07:57:24PM +0000, Phil Mayers wrote:
>> Robin Lee Powell <rlpowell at cytobank.org> wrote:
>>> So I've got some IPv6-only VMs set up that need to talk to the
>>> general internet for things like downloading packages. As you
>>> can imagine, this requires that they have NAT64 and DNS64,
>>> because lots and lots of things are IPv4 only.
>>> The problem is that many things do *stupid shit* when given both
>>> A and AAAA records for the same request on an IPv6 host. In
>>> particular, the issue I'm hitting now is that node.js simply
>>> fails to try anything but the A record.
>>> I've actually got a workaround for this (puppet the AAAA in
>>> /etc/hosts with the FQDN of the npm host), but it's kind of
>>> unfortunate, and it would be nice to fix this at the BIND end if
>> Really? It is normally the other way round.
> Yeah, but pure IPv6 hosts are still relatively uncommon.
>> One solution that springs to mind - a view that uses rpz to filter
>> 0.0.0.0/0 to NODATA but leaves v6 untouched.
> How hard is that to set up?
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
More information about the bind-users