BIND : filter-aaaa-on-v4 option
[ What’s filter-aaaa-on-v4 options ? ]
This option filters AAAA records out from IPv4 to prevent frequently occurring IPv4 fallback due to IPv6 timeout configured wrongly
[ how to use filter-aaaa-on-v4 ]
This option is added BIND9.7.0b2 and later versions.
You need to compile BIND with ./configure --enable-filter-aaaa
compile BIND
named.conf
[ when AAAA queries come from IPv4 ]
AAAA recoreds are filterd out.
So IPv6 timeout won’t happen.
[ when AAAA queries come from IPv6 ]
get AAAA records
[ What’s filter-aaaa-on-v4 options ? ]
This option filters AAAA records out from IPv4 to prevent frequently occurring IPv4 fallback due to IPv6 timeout configured wrongly
[ how to use filter-aaaa-on-v4 ]
This option is added BIND9.7.0b2 and later versions.
You need to compile BIND with ./configure --enable-filter-aaaa
| root@ubuntu-7:~/bind-9.7.3# ./configure --help | grep aaaa --enable-filter-aaaa enable filtering of AAAA records over IPv4 |
compile BIND
| 2020 ./configure --enable-filter-aaaa 2021 make 2022 make install |
named.conf
| options { directory "/var/cache/bind"; max-cache-size 1M; recursion yes; filter-aaaa-on-v4 yes; }; |
[ when AAAA queries come from IPv4 ]
AAAA recoreds are filterd out.
So IPv6 timeout won’t happen.
| root@ubuntu-7:~# dig @127.1 www.isc.org aaaa ; <<>> DiG 9.7.3 <<>> @127.1 www.isc.org aaaa ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59145 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1 ;; QUESTION SECTION: ;www.isc.org. IN AAAA ;; AUTHORITY SECTION: isc.org. 43168 IN NS sfba.sns-pb.isc.org. isc.org. 43168 IN NS ams.sns-pb.isc.org. isc.org. 43168 IN NS ord.sns-pb.isc.org. isc.org. 43168 IN NS ns.isc.afilias-nst.info. ;; ADDITIONAL SECTION: ns.isc.afilias-nst.info. 86369 IN A 199.254.63.254 |
[ when AAAA queries come from IPv6 ]
get AAAA records
| root@ubuntu-7:~# dig @::1 www.isc.org aaaa ; <<>> DiG 9.7.3 <<>> @::1 www.isc.org aaaa ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50213 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2 ;; QUESTION SECTION: ;www.isc.org. IN AAAA ;; ANSWER SECTION: www.isc.org. 557 IN AAAA 2001:4f8:0:2::d ;; AUTHORITY SECTION: isc.org. 43157 IN NS ams.sns-pb.isc.org. isc.org. 43157 IN NS ns.isc.afilias-nst.info. isc.org. 43157 IN NS sfba.sns-pb.isc.org. isc.org. 43157 IN NS ord.sns-pb.isc.org. ;; ADDITIONAL SECTION: ns.isc.afilias-nst.info. 86358 IN A 199.254.63.254 ns.isc.afilias-nst.info. 86358 IN AAAA 2001:500:2c::254 |
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.