Can I configure a DNS cache not to forward AAAA queries?

Posted by itsadok on Server Fault See other posts from Server Fault or by itsadok
Published on 2013-11-11T09:06:55Z Indexed on 2013/11/11 9:59 UTC
Read the original article Hit count: 408

Filed under:

dns

|

IPv6

|

internal-dns

I'm setting up an internal DNS cache because my firewall is having trouble handling all the sessions created by DNS requests. I tried using bind9, dnsmasq and DJB dnscache, they all help reduce the number of requests leaving my network, but there are still a lot of request being made.

Looking at the log files, and tcpdump and dnstop outputs, it seems that requests that return SERVFAIL do not get cached at all. And a lot of those failed requests are AAAA requests, which is a shame, because I do not have ipv6 enabled on any server.

I've looked at several ways to help the situation, and I think if I could somehow prevent AAAA record requests from being forwarded by the DNS cache, it would reduce the number of requests significantly.

The closest thing I found was the filter-aaaa-on-v4 option in BIND9. However, this only removes the record from the server response, and does not prevent it from forwarding it.

Any help would be appreciated.

© Server Fault or respective owner

Related posts about dns

Master/Slave DNS setup vs. rsync'ed DNS servers

as seen on Server Fault - Search for 'Server Fault'
We currently have primary and secondary DNS servers on our corporate network. They are setup in a master/slave type setup, where the slave gets its DNS information from the master. I'm trying to figure out what the real advantage is for the master/slave setup instead of just setting up an automated… >>> More
Updating Windows DNS records from a remote windows DNS server

as seen on Server Fault - Search for 'Server Fault'
Does anyone know if it is possible for a windows 2003 DNS server to update the records for a domain so that it contains all the records of a domain of of a remotely based DNS server? Im almost certain that doesn't quite explain the problem so I shall illustrate with an example: We have two offices… >>> More
OpenVPN DNS: VPN DNS stomping local VPN

as seen on Super User - Search for 'Super User'
I've finally noodled with OpenVPN enough to get it working. Even better, I can mount samba drives, ping network machines through the TUN device, etc - it's all great. However, I'm noticing that if I have the directive: push "dhcp-option DNS 10.0.1.1" # Push our local DNS to clients Then some of… >>> More
Random DNS Client Issue with BIND9/Windows Server 2003 DNS

as seen on Stack Overflow - Search for 'Stack Overflow'
Within our office, we have a local server running DNS, for internal related "domains", (e.g. .internal, .office, .lan, .vpn, etc.). Randomly, only the hosts configured with those extensions will stop resolving on the Windows-based workstations. Sometimes it'll work for a couple weeks without issue… >>> More
DNS Tools - DNS and Few of its Concerning Terms and Tools

as seen on Article City - Search for 'Article City'
A DNS or Domain Name System lets you locate computers on a network or the Internet TCP/IP network by domain name. The DNS server sustains a database of domain names or host names along with their cor... [Author: Daisy Osbaldo - Computers and Internet - April 02, 2010] >>> More

Related posts about IPv6

IPV6 auto configuration not working

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
In Windows 7, my computer can automatically get a IPV6 global address and use IPV6 network, but in Ubuntu Natty, I can't find out how to let stateless configuration work. My network is a university campus network,so I don't need tunnels. I think if one thing can silently and successfully be accomplished… >>> More
Fritz!Box IPv6-Address different than IPv6-Prefix

as seen on Server Fault - Search for 'Server Fault'
In my Fritzbox it states the following: IPv6-Adresse: 2a02:8070:600::14b6:c7******, Gültigkeit: 100465/86065s IPv6-Präfix: 2a02:8070:62c:3200::/56, Gültigkeit: 100464/86064s I am not able to connect to IPv6 Addresses from computers configured by the fritzbox, because they get an address with prefix… >>> More
Static IPv6 address advertising and IPv6 autoconfig in Debian/Ubuntu

as seen on Server Fault - Search for 'Server Fault'
I have a network that advertises IPv6 addresses through IPv6 autoconfig. To allow DNS lookups and to have fancy IP addresses, we setup "static" IPv6 addresses through /etc/network/interfaces: auto eth0 iface eth0 inet dhcp iface eth0 inet6 static address a:b:c:d:e::f netmask 64 Whenever… >>> More
HTG Explains: Are You Using IPv6 Yet? Should You Even Care?

as seen on How to geek - Search for 'How to geek'
IPv6 is extremely important for the long-term health of the Internet. But is your Internet service provider providing IPv6 connectivity yet? Does your home network support it? Should you even care if you’re using IPv6 yet? Switching from IPv4 to IPv6 will give the Internet a much larger pool… >>> More
Debian, 6rd tunnel, and connection troubles

as seen on Server Fault - Search for 'Server Fault'
Long story short I am having issues with IPv6 using a 6rd tunnel with my ISP, charter business. They offer a 6rd tunnel that I think I have properly set up, but the server doesn’t reply to every ipv6 request. When the server has the network interfaces idle with no traffic for about 10 minutes, then… >>> More