Here's an update on aaaa-filter behavior.
[ test environment ]
Caching Name server (filter-aaaa-on-v4 yes; ) --- Auth
To use the AAAA filter, compile BIND with the --enable-filter-aaaa option.
# ./configure --enable-filter-aaaa
Then add "filter-aaaa-on-v4 yes;" to the view options.
# grep aaaa /etc/named.conf
filter-aaaa-on-v4 yes;
[ when the Auth server has both A and AAAA RRs ]
If the Auth servers have both A and AAAA RRs, the caching name server
filters out the AAAA RRs.
The Auth server has both A and AAAA RRs.
www.example.jp. 60 IN A 192.168.100.100
www.example.jp. 60 IN AAAA fe80::20c:29ff:feab:bfad
On the cache server, issue the dig query over IPv4.
# dig @127.1 www.example.jp aaaa
; <<>> DiG 9.8.1-P1 <<>> @127.1 www.example.jp aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26864
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.jp. IN AAAA
;; AUTHORITY SECTION:
example.jp. 86400 IN NS ns1.example.jp.
AAAA RRs were filtered out.
[ when the Auth server has only AAAA RRs ]
If the Auth servers have only AAAA RRs, the caching name server
doesn’t filter out the AAAA RRs even though aaaa-filter is enabled.
The Auth server has only AAAA RRs.
;www.example.jp. 60 IN A 192.168.100.100 <- comment it out
www.example.jp. 60 IN AAAA fe80::20c:29ff:feab:bfad
Issue the dig query over IPv4 on the caching name server.
# dig @127.1 www.example.jp aaaa
; <<>> DiG 9.8.1-P1 <<>> @127.1 www.example.jp aaaa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.jp. IN AAAA
;; ANSWER SECTION:
www.example.jp. 60 IN AAAA fe80::20c:29ff:feab:bfad
;; AUTHORITY SECTION:
example.jp. 3600 IN SOA ns1.example.jp. hostmaster.example.jp. 2011120402 3600 900 2592000 3600
AAAA RRs weren’t filtered out.
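The two dig captures above can be turned into a repeatable check after a BIND rebuild or config change. The Python below is an added example, not part of the original post: parse_dig and check_filter are hypothetical helper names, and the embedded captures are the post's own dig output trimmed to the lines the parser reads.

```python
import re

# dig output from the two tests in this post, trimmed to the parsed lines
BOTH_A_AND_AAAA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26864
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.jp. IN AAAA
;; AUTHORITY SECTION:
example.jp. 86400 IN NS ns1.example.jp.
"""
ONLY_AAAA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55678
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.example.jp. IN AAAA
;; ANSWER SECTION:
www.example.jp. 60 IN AAAA fe80::20c:29ff:feab:bfad
;; AUTHORITY SECTION:
example.jp. 3600 IN SOA ns1.example.jp. hostmaster.example.jp. 2011120402 3600 900 2592000 3600
"""

def parse_dig(text):
    """Return (status, {section: [(owner, ttl, rtype, rdata), ...]}) from dig output."""
    status, sections, current = None, {}, None
    for line in text.splitlines():
        m = re.search(r"status: (\w+)", line)
        if m:
            status = m.group(1)
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner, int(ttl), rtype, rdata))
    return status, sections

def check_filter(name_has_a, dig_text):
    """Judge an AAAA reply fetched over IPv4 from a filter-aaaa-on-v4 resolver."""
    status, sections = parse_dig(dig_text)
    aaaa = [r for r in sections.get("ANSWER", []) if r[2] == "AAAA"]
    if status != "NOERROR":
        return "unexpected status: " + str(status)
    if name_has_a:  # behaviour seen in the first test: AAAA must be stripped
        return "filtered" if not aaaa else "unfiltered: AAAA returned although name has A"
    return "passed through" if aaaa else "missing: AAAA-only name returned no AAAA"
```

Feed check_filter the full text of a fresh `dig @127.1 <name> aaaa` run together with whether the zone holds an A record for that name.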