filter-aaaa-on-v4 not available in Windows binary?

pLAN9 admin at pLAN9.co
Wed Aug 30 15:55:42 UTC 2017 

Apologies all, I missed an Event Viewer entry:

"C:\Program Files\ISC BIND 9\etc\named.conf:19: option 
'filter-aaaa-on-v4' was not enabled at compile time"

So it appears I DO have to recompile...


As to why I like this feature..... *sigh* I have gigabit fiber AT&T 
business connection with a Cisco 1921 that I configure for remote access 
IKEv2 IPsec. AT&T has not enabled IPv6 at the moment for my connection 
(and even if they had, they currently use a pretty awful 6rd setup that 
tunnels v6 traffic and limits it to ~40-60mbps). When I connect to the 
VPN from a client location that has dual-stack (such as my Android phone 
on Verizon), the VPN SA is made for the v4 address but not the v6 
address. Android, it seems, has a bit of a broken split tunneling 
implementation, and it appears that when my v4-only VPN is connected, 
outgoing traffic to v6 destinations is simply dropped, and crucially the 
v4 address is never tried. The net effect is I am unable to access any 
website that has enabled v6, or attempt to otherwise access any resource 
that is discovered via an AAAA DNS record.

If I could root my phone, I would just disable IPv6 on the phone, but I 
can't do that at the moment. So this solution currently works best; the 
phone only gets A records returned for all DNS lookups, and thus only 
tries to connect to IPv4 addresses. It's a horrible kludge for my 
specific situation that I hope will change soon :)

Thanks!


On 8/30/2017 8:50 AM, Mark Andrews wrote:
> In message <20170830112841.GK2027 at harrier.slackbuilds.org>, /dev/rob0 writes:
>> On Tue, Aug 29, 2017 at 02:12:43PM -0500, pLAN9 wrote:
>>> I have downloaded the latest 9.11.2 BIND running on Windows 10 and
>>> have set up a successful caching-only server. When I try to add
>>> "filter-aaaa-on-v4 yes" to the global "options" section of
>>> named.conf, the Windows BIND service fails to start, with an event
>>> viewer log entry stating a "Parsing error" on the line containing
>>> the filter statement.
>> I suspect you have a syntax error, or maybe non-ASCII characters
>> in your named.conf.
> Agreed.  You should get a log message about it not being configured.
>
>>> Does this mean I will have to manually compile BIND on WIndows
>>> for this option to work?
>> There is no specific compile flag to enable that feature, so no.
> It's conditionally compiled (--enable-filter-aaaa).
>
> #ifdef ALLOW_FILTER_AAAA
>          { "filter-aaaa", &cfg_type_bracketed_aml, 0 },
>          { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 },
>          { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 },
> #else
>          { "filter-aaaa", &cfg_type_bracketed_aml,
>             CFG_CLAUSEFLAG_NOTCONFIGURED },
>          { "filter-aaaa-on-v4", &cfg_type_filter_aaaa,
>             CFG_CLAUSEFLAG_NOTCONFIGURED },
>          { "filter-aaaa-on-v6", &cfg_type_filter_aaaa,
>             CFG_CLAUSEFLAG_NOTCONFIGURED },
> #endif
>
>>> I assume that I don't need a full version of Visual Studio
>>> to compile, the free "Community" edition of VS 2017 will work?
>> I think the Knowledge Base has an article on compiling BIND for
>> Windows.  But again, I doubt that could be the problem.
>> -- 
>>    http://rob0.nodns4.us/
>>    Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list