How can limit recursive query on ipv6 network?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How can limit recursive query on ipv6 network?

Sukmoon Lee
Hello.

Our DNS Server has services on IPv6 network.
Clients queries on ipv6 network. But recursive client query is only to use on ipv4 network.
(DNS Server has not ipv6 network for foreign network.)

So DNS server performs unnecessary a recursive client query for ipv6.
How can limit recursive query on ipv6 network?


I modified some source code as shown below to confirm the ipv6 limit query for recursive client.
This code seems to work well. Is there any problem using this?

Thanks.




[root@smlee:/root/isc] $ diff -Nur bind-9.9.9-P4/ bind-9.9.9-P4-ipv6/
diff -Nur bind-9.9.9-P4/lib/dns/resolver.c bind-9.9.9-P4-ipv6/lib/dns/resolver.c
--- bind-9.9.9-P4/lib/dns/resolver.c    2016-10-21 14:12:02.000000000 +0900
+++ bind-9.9.9-P4-ipv6/lib/dns/resolver.c       2017-01-03 19:11:57.246779004 +0900
@@ -3419,6 +3419,7 @@
                        return;
                }

+retry_addrinfo:
 #ifdef ENABLE_FETCHLIMIT
                while ((addrinfo = fctx_nextaddress(fctx)) != NULL) {
                        if (! dns_adbentry_overquota(addrinfo->entry))
@@ -3428,6 +3429,16 @@
                addrinfo = fctx_nextaddress(fctx);
 #endif /* !ENABLE_FETCHLIMIT */

+               if (addrinfo != NULL &&
+                               addrinfo->sockaddr.type.sa.sa_family == AF_INET6) {
+                       /*
+                       isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+                                     DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+                                     "skip %p (%s) %p", fctx, fctx->info, addrinfo);
+                       */
+                       goto retry_addrinfo;
+               }
+
                /*
                 * While we may have addresses from the ADB, they
                 * might be bad ones.  In this case, return SERVFAIL.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: How can limit recursive query on ipv6 network?

Mark Andrews

        server ::/0 { bogus yes; };

        Adjust for actual reachable topology.

        Note the real fix for this is to get IPv6 connectivity to the
        world.  Trying to run with disconnected IPv6 island is only
        asking for pain.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: [hidden email]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users