Hello.
Our DNS Server has services on IPv6 network.
Clients queries on ipv6 network. But recursive client query is only to use on
ipv4 network.
(DNS Server has not ipv6 network for foreign network.)
So DNS server performs unnecessary a recursive client query for ipv6.
How can limit recursive query on ipv6 network?
I modified some source code as shown below to confirm the ipv6 limit query for
recursive client.
This code seems to work well. Is there any problem using this?
Thanks.
[root@smlee:/root/isc] $ diff -Nur bind-9.9.9-P4/ bind-9.9.9-P4-ipv6/
diff -Nur bind-9.9.9-P4/lib/dns/resolver.c bind-9.9.9-P4-ipv6/lib/dns/resolver.c
--- bind-9.9.9-P4/lib/dns/resolver.c 2016-10-21 14:12:02.000000000 +0900
+++ bind-9.9.9-P4-ipv6/lib/dns/resolver.c 2017-01-03 19:11:57.246779004
+0900
@@ -3419,6 +3419,7 @@
return;
}
+retry_addrinfo:
#ifdef ENABLE_FETCHLIMIT
while ((addrinfo = fctx_nextaddress(fctx)) != NULL) {
if (! dns_adbentry_overquota(addrinfo->entry))
@@ -3428,6 +3429,16 @@
addrinfo = fctx_nextaddress(fctx);
#endif /* !ENABLE_FETCHLIMIT */
+ if (addrinfo != NULL &&
+ addrinfo->sockaddr.type.sa.sa_family ==
AF_INET6) {
+ /*
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+ "skip %p (%s) %p", fctx, fctx->info,
addrinfo);
+ */
+ goto retry_addrinfo;
+ }
+
/*
* While we may have addresses from the ADB, they
* might be bad ones. In this case, return SERVFAIL.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
