Hi all, I have a possibly not-so unique use case to send an NXDOMAIN answer to clients that query for an AAAA record for a specific domain. I am running dnsmasq on an OpenWRT router.
Elaborating on the problem:

1. I have IPv6 connectivity through an HE.net (Hurricane Electric) tunnel
2. Netflix has blocked access to their content via IPv6 emanating from HE.net
3. The result: I am unable to access Netflix on my iDevices. However, my old Roku (that possibly does not support IPv6) works fine. This is why I know that the problem is IPv6 related.

Proposed solutions:

1. On scouring the net, I found one of the solutions being to null-route the Netflix IPv6 blocks, forcing my devices to try and connect via IPv4. However, the Netflix IPv6 block actually is part of a larger AWS block, so that means going without IPv6 for also many other AWS services. (Aside: wondering why a large company like Netflix cannot get its own IPv6 prefix?)

So, the alternative I am thinking of is to let my router's DNS server (dnsmasq) lie about the non-existence of AAAA records for *.netflix.com. Is there a way to make that happen?

I have been able to block netflix by using:

    address=/netflix.com/127.0.0.1
    address=/netflix.com/::1

However, just using:

    address=/netflix.com/::1

breaks it for IPv4 also.

So, any ideas as to how to do finer grained DNS filtering?

Thanks,
Sachin

_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
