lost and found ( for me ? )

BIND 9.8.1-P1 : aaaa-filter


Here's an update on aaaa-filter behavior.

[ test environment ]

Caching Name server (filter-aaaa-on-v4 yes; )  --- Auth

To use the AAAA filter, compile BIND with the --enable-filter-aaaa option.
# ./configure --enable-filter-aaaa


Then add "filter-aaaa-on-v4 yes;" in the view options.
# grep aaaa /etc/named.conf
       filter-aaaa-on-v4 yes;


[ when the Auth server has both A and AAAA RRs ]

If Auth servers have both A and AAAA RRs, caching name servers
filter out the AAAA RRs.

The Auth has both A and AAAA RRs.
www.example.jp.         60      IN      A       192.168.100.100
www.example.jp.         60      IN      AAAA    fe80::20c:29ff:feab:bfad


On the cache server, issue dig over IPv4.
# dig @127.1 www.example.jp aaaa

; <<>> DiG 9.8.1-P1 <<>> @127.1 www.example.jp aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26864
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.jp.                        IN      AAAA

;; AUTHORITY SECTION:
example.jp.             86400   IN      NS      ns1.example.jp.

AAAA RRs were filtered out.

[ when the Auth server has only AAAA RRs ]

If Auth servers have only AAAA RRs, caching name servers
don’t filter out AAAA RRs even though aaaa-filter is enabled.

The Auth server has only AAAA RRs.
;www.example.jp.        60      IN      A       192.168.100.100  <- comment it out
www.example.jp.         60      IN      AAAA    fe80::20c:29ff:feab:bfad


Issue dig over IPv4 on the caching name server.
# dig @127.1 www.example.jp aaaa

; <<>> DiG 9.8.1-P1 <<>> @127.1 www.example.jp aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.jp.                        IN      AAAA

;; ANSWER SECTION:
www.example.jp.         60      IN      AAAA    fe80::20c:29ff:feab:bfad

;; AUTHORITY SECTION:
example.jp.             3600    IN      SOA     ns1.example.jp. hostmaster.example.jp. 2011120402 3600 900 2592000 3600

AAAA RRs weren’t filtered out.
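
Both results can be checked mechanically by comparing the cache's reply with a direct AAAA query to the Auth server. The script below is an added example, not part of the original test; the function names and the AUTH_HAS_AAAA sample header are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): decide from saved dig output
# whether the caching server filtered AAAA, passed it, or had none to return.

# Print the rcode from dig's ->>HEADER<<- line (stdin: dig output).
dig_status() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the ANSWER count from dig's "flags" line (stdin: dig output).
answer_count() {
    sed -n 's/^;; flags:.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# aaaa_status CACHE_REPLY AUTH_REPLY
#   passed   - the cache returned AAAA records
#   filtered - the Auth server has AAAA but the cache returned none
#   absent   - neither reply carries AAAA (nothing to filter)
#   error:X  - the cache reply was not NOERROR, so no conclusion is drawn
aaaa_status() {
    st=$(printf '%s\n' "$1" | dig_status)
    if [ "$st" != "NOERROR" ]; then
        echo "error:${st:-unparsed}"
        return 0
    fi
    cache_n=$(printf '%s\n' "$1" | answer_count)
    auth_n=$(printf '%s\n' "$2" | answer_count)
    if [ "${cache_n:-0}" -gt 0 ]; then
        echo passed
    elif [ "${auth_n:-0}" -gt 0 ]; then
        echo filtered
    else
        echo absent
    fi
}

# Header lines of the two cache replies shown in this post.
CACHE_BOTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26864
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
CACHE_AAAA_ONLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0'
# Constructed sample: header of a direct AAAA query to the Auth server.
AUTH_HAS_AAAA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0'

echo "A and AAAA on Auth: $(aaaa_status "$CACHE_BOTH" "$AUTH_HAS_AAAA")"
echo "AAAA only on Auth:  $(aaaa_status "$CACHE_AAAA_ONLY" "$AUTH_HAS_AAAA")"
```

The direct query matters because an empty ANSWER section from the cache looks the same whether the AAAA was filtered or never existed.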
