Filter AAAA records in unbound

Kostas_Zorbadelos · May 4, 2012, 1:49pm

Greetings to all,

I am a newcomer to unbound. We will evaluate unbound as an alternative
to BIND for a new anycasted caching resolver setup.
One thing we will need in practice (and many others might need as well)
is the possibility to remove all AAAA records in replies for various
IPv6 brokeness cases in our networks. BIND provides the feature
filter-aaaa-on-v4 in recent versions (post 9.7) if compiled
accordingly. I can understand that this should not be considered a
permanent solution to the brokeness issues, just a quick workaround
(hopefully with a short life-span).

In the bug case

https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?format=multiple&id=356

which seems close but not quite the filter-aaaa-on-v4 BIND
functionality, the STATUS is marked RESOLVED LATER.
What do the developers think about introducing a filter-aaaa feature,
similar to BIND's, especially with the v6 launch day approaching?

Regards,

Kostas

Wouter · May 7, 2012, 8:45am

Hi Kostas,

Kostas_Zorbadelos · May 7, 2012, 3:12pm

"W.C.A. Wijngaards" <wouter@nlnetlabs.nl> writes:

Hi Wouter,

perhaps my point was not made clear.

Hi Kostas,

The IPv6 launch day has goals to enable IPv6 connectivity. With
working IPv6, this option is not needed.

That is the problem. There are cases of IPv6 brokeness today inside ISP
networks that will be exposed when AAAA records are published in large
content providers. Although not the proper solution, until the problems
are identified and fixed properly, there is a need for a quick
workaround. Filtering AAAA records is such a weapon in operator's
hands.

If the option is necessary, given IPv6 adoption and its surrounding
issues, then we could consider implementing the option.

OK understood. Time will tell if this is a necessary option or not. If
it is, I guess people have at least BIND and its filter-aaaa on v4
option.

Kind regards,
Kostas