My ISP has problems with IPv6, and I want DNS on the Turris to not return any AAAA IPv6 answers at all, only IPv4.
What’s the best way to get it to do that?
Isn’t it better to just turn off IPv6 on Turris? (say, in /reforis/network-settings/wan)
The problem is that there are computers on the network, e.g. Arch Linux, which has IPv6 enabled by default, and as soon as DNS reports IPv6 addresses as part of DNS query search results, it tries to connect to them instead of IPv4 addresses. So I’m wanting DNS to not report any IPv6 addresses in its responses.
IPv6 is already disabled in /reforis/network-settings/wan but DNS still reports IPv6 addresses in its query responses, e.g. router is 192.168.16.1 as below…
root@turris:~# nslookup www.google.com 192.168.16.1
Server: 192.168.16.1
Address: 192.168.16.1:53
Non-authoritative answer:
Name: www.google.com
Address: 142.250.66.228
Non-authoritative answer:
Name: www.google.com
Address: 2404:6800:4006:810::2004
Yes, that is not meant to filter AAAA from DNS answers. It’s perfectly normal that even if IPv6 doesn’t work, DNS is not touched.
Off the top of my head, you can filter AAAA by this, slightly modified from a previous post.
Add line option include_config '/etc/kresd/custom.conf' in section option include_config '/etc/kresd/custom.conf' in file /etc/config/resolver.
Create file /etc/kresd/custom.conf with:
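-- Load the policy module so custom rules can be registered
modules = { 'policy' }

-- Policy action: finish AAAA queries immediately instead of resolving them
local function filterAAAA (state, req)
    local qry = req:current()
    if qry.stype == kres.type.AAAA then
        return kres.DONE
    end
    -- Any other query type continues through normal resolution
    return state
end

-- Apply the action to every query
policy.add(policy.all(filterAAAA))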
Thank you very much
(I did live in Kladno for two years a while back)
That seems to have worked:
root@turris:/etc/kresd# nslookup www.google.com
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
Name: www.google.com
Address: 142.250.66.228
Non-authoritative answer:
root@turris:/etc/kresd#
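A repeatable version of the nslookup check above, as an added example that is not part of the original thread: it sends an explicit AAAA query and parses the reply, so a LAN client can confirm the resolver no longer hands out IPv6 addresses. The two sample packets are constructed; the filtered one assumes the resolver answers NOERROR with an empty answer section, as the second nslookup output suggests.

```python
import ipaddress
import socket
import struct

A, AAAA = 1, 28  # DNS record type codes

def build_query(name, qtype, txid=0x1234):
    """Encode a one-question recursive query (RD flag set, class IN)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_answers(msg):
    """Return (rcode, [(rrtype, address), ...]) for A/AAAA records in the answer section."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rrtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if (rrtype, rdlen) in ((A, 4), (AAAA, 16)):
            found.append((rrtype, str(ipaddress.ip_address(rdata))))
    return flags & 0x000F, found

def aaaa_leaks(resolver, name, timeout=3.0):
    """Ask the resolver for AAAA over UDP; return any IPv6 addresses it still hands out."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, AAAA), (resolver, 53))
        msg, _ = s.recvfrom(4096)
    return [addr for rrtype, addr in parse_answers(msg)[1] if rrtype == AAAA]

# Constructed sample replies (not captured traffic): question section plus NOERROR headers.
_QUESTION = build_query("www.google.com", AAAA)[12:]
SAMPLE_UNFILTERED = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c" + struct.pack("!HHIH", AAAA, 1, 300, 16)
    + ipaddress.ip_address("2404:6800:4006:810::2004").packed)
SAMPLE_FILTERED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + _QUESTION
```

With the policy loaded, `aaaa_leaks("192.168.16.1", "www.google.com")` run from a client on the LAN should return an empty list; any address in the result means AAAA answers are still being served.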
I think the only correct answer is to ask your ISP to fix the problem with their service.