Filtering IPv6 AAAA records?

Mark Andrews marka at
Wed Jul 25 12:15:35 UTC 2012

In message <CAEBgQMzfH2kvc7zYNi=eDewwq_TjJF8OfM9GKrq-3m7obqiS2Q at>
, Paul Reilly writes:
> Thanks all - the "filter-aaaa-on-v4" has worked well in testing.
> In terms of "why?" we do actually have native IPv6 upstream, and some parts
> of the network are fully IPv6 enabled, and access the internet on IPv6. But
> some areas are only IPv4. I need to make sure these IPv4 only parts of the
> network do not try and access IPv6 internet hosts - as they are blocked at
> the firewall.

Then please make sure that the firewall returns ICMPv6 unreachables or
spoofs RST for TCP.  Just dropping packets is guarenteed to result in
bad behaviour.
> Paul
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list