
Is it possible to block AAAA answers from being sent back to clients from a local DNS server, but only for certain forward DNS domains? I know I can do the filtering based on IPv6 subnet (working sample below), but I would like to filter out based on domain.

I.e. Google services (1e100.net domain) are much faster over IPv4 transport, yet I'd still like to have IPv6 for everything else.

;this RPZ entry successfully blocks AAAA answers that match 2001:db8:aa::/48
48.zz.aa.db8.2001.rpz-ip       IN      CNAME   .

My local DNS server in question is running BIND 9.9.5.

vobelic
  • You must have some seriously strange connectivity. In most of the world Google services are much faster over IPv6. – Michael Hampton Aug 16 '20 at 16:36
  • It's not native IPv6, so the path is a bit suboptimal, i.e. I cannot benefit from a local Internet eXchange point. But I've had cases where v6 had better throughput. – vobelic Aug 16 '20 at 20:05
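
The `rpz-ip` owner name in the question's working sample is the prefix length followed by the address words in reverse order, with `zz` standing for a run of zero words. The following is an added example, not part of the original post, that encodes a prefix into that form and decodes an owner name back for auditing a zone. The function names are hypothetical, and compressing only runs of two or more zero words is a choice made here.

```python
import ipaddress

def rpz_ip_owner(prefix: str) -> str:
    """Encode a CIDR prefix as an rpz-ip trigger owner name (relative to the zone)."""
    net = ipaddress.ip_network(prefix, strict=True)  # raises if host bits are set
    if net.prefixlen == 0:
        raise ValueError("rpz-ip prefix length must be at least 1")
    if net.version == 4:
        labels = str(net.network_address).split(".")
    else:
        words = [int(w, 16) for w in net.network_address.exploded.split(":")]
        # Locate the longest run of zero words; only runs of 2+ become "zz"
        # (assumption of this example; a lone zero word is written as "0").
        best_start, best_len, i = 0, 0, 0
        while i < 8:
            j = i
            while j < 8 and words[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = max(j, i + 1)
        labels = [format(w, "x") for w in words]
        if best_len >= 2:
            labels[best_start:best_start + best_len] = ["zz"]
    return ".".join([str(net.prefixlen)] + labels[::-1] + ["rpz-ip"])

def rpz_ip_prefix(owner: str) -> ipaddress._BaseNetwork:
    """Decode an rpz-ip owner name back to the network it matches."""
    if not owner.endswith(".rpz-ip"):
        raise ValueError("not an rpz-ip trigger")
    plen, *rest = owner[:-len(".rpz-ip")].split(".")
    rest.reverse()
    if len(rest) == 4 and "zz" not in rest:
        addr = ".".join(rest)                      # IPv4: four decimal octets
    elif "zz" in rest:
        k = rest.index("zz")                       # "zz" maps back to "::"
        addr = ":".join(rest[:k]) + "::" + ":".join(rest[k + 1:])
    else:
        addr = ":".join(rest)                      # IPv6 with all 8 words present
    return ipaddress.ip_network(f"{addr}/{plen}", strict=True)

def rpz_record(prefix: str) -> str:
    """Zone line using the same 'CNAME .' action as the sample in the question."""
    return f"{rpz_ip_owner(prefix)}\tIN\tCNAME\t."

if __name__ == "__main__":
    # Constructed inputs: the question's prefix plus documentation ranges.
    for p in ("2001:db8:aa::/48", "2001:db8:0:1::/64", "192.0.2.0/24"):
        print(rpz_record(p), ";", rpz_ip_prefix(rpz_ip_owner(p)))
```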
