Re: [PATCH 1/1] dns64: Fall back to plain AAAA query with synthall but no A records

Wed, 18 Oct 2023 03:18:13 -0700 

Hi Daniel,

The change looks good for me.
It does change current behavior but I think that the new behavior (when asked to synthesize but no A exists, fallback to the existing AAAA) makes sense for a default configuration. 


However, I am not a DNS64 operator so if people here feel differently a 
new option could be introduced for that.



I already committed this (and the other patches, thanks!) to the 
repository and an extra option could be introduced in the future if 
people see the need for it.


Best regards,
-- Yorgos

On 09/10/2023 14:46, Daniel Gröber via Unbound-users wrote:

Networks which only have tunneled IPv6 access but still want to go
IPv6-only internally can use unbound's DNS64 module together with the
dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any
dualstack domain) to their NAT64.

There is only one problem with this setup, currently domains with only AAAA
records will fail to resolve.

To allow for this use-case arrange for the A sub-query to make the AAAA
super query advance along the module stack when no records are returned.

Signed-off-by: Daniel Gröber <d...@darkboxed.org>
---
I kept this initial hakcy version as simple as possible, but IMO the
whole DNS64 module needs a bit of a refactoring to do this cleanly.

I'm not entirely sure if the fallback behaviour should be controlled
by a config option or not. I'm open to suggestions.

  dns64/dns64.c | 11 +++++++++++
  1 file changed, 11 insertions(+)

diff --git a/dns64/dns64.c b/dns64/dns64.c
index b856a86c..3cb60881 100644
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -981,6 +981,17 @@ dns64_inform_super(struct module_qstate* qstate, int id,
                return;
        }

  
+	/* When no A record is found for synthesis fall back to AAAA again. */

+       if (qstate->qinfo.qtype == LDNS_RR_TYPE_A &&
+           qstate->return_rcode == LDNS_RCODE_NOERROR &&
+           !( qstate->return_msg &&
+              qstate->return_msg->rep &&
+              reply_find_answer_rrset(&qstate->qinfo, 
qstate->return_msg->rep)))
+       {
+               super_dq->state = DNS64_INTERNAL_QUERY;
+               return;
+       }
+
        /* Use return code from A query in response to client. */
        if (super->return_rcode != LDNS_RCODE_NOERROR)
                super->return_rcode = qstate->return_rcode;






















					Reply via email to