On 2015-10-07 15:51, Per Jessen wrote:
Yamaban wrote:
IMHO a clear answer (NXDOMAIN) is better than blocking / dropping / ignoring a "AAAA" request. Less timeouts, and a defined behaviour.
I guess I don't quite appreciate when this would be required, but yes, any clear answer is better than no answer, absolutely. Still, it doesn't seem to me to be a job for the nameserver to determine what is good for the application or not.
Well, it is a convenient hack, in the hands of the administrator :-) Yes, we could configure on each application that supports it to use only IPv6, but many do not have it. The available "hack" when everything else fails (using gai.conf, etc) we use is disable IPv6 support via kernel switch, systemwide. It is not possible to allow IPv6 on the local netowrk and disable it on Internet (the use case is that the ISP doesn't provide it yet). Thus an interesting hack is that the DNS doesn't provide IPv6 answers, even when applications ask for it. Maybe another would be to route all external IPv6 connections to a dummy :-?? But this would produce timeouts and errors. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)