Hi Nick,

Since your request was to filter based on specific domains for qtype AAAA with a custom response, I suggest looking into Response Policy Zone (RPZ) or a Lua script.

Best Regards,
Aleksandr

On Sat, Oct 5, 2019 at 23:10 Nicholas Williams <nicho...@nicholaswilliams.net> wrote:

> I’ve got a conundrum that has kind of come to a head for me. It may be
> 2019, but Comcast is still too incompetent to provide me with
> properly-working IPv6, so I’ve resorted to using a Hurricane Electric
> tunnel for IPv6 access. However, Netflix blocks all Hurricane Electric and
> similar tunnels under the assumption that you’re trying to scam their
> location identification and access content that you don’t have geographic
> access to and, worse, the Netflix apps prefer IPv6 over IPv4 when it’s
> available, so Hurricane Electric users are kinda screwed.
>
> In the past, I’ve dealt with this by adding a black hole route for
> Netflix’s IPv6 prefix. However, I’m now having to block THREE /48 prefixes
> in order to keep Netflix working, and from what I can tell that means I’m
> now blocking most of AWS’s entire CDN, so I’m losing out on IPv6 on a bunch
> of sites.
>
> This solution is really like using a sledgehammer to install a picture
> frame hanger (and having to replace the picture frame hanger every few
> months). A better solution is to prevent Netflix from doing AAAA lookups
> (or somehow filter them and respond with only A results). I’m already using
> PowerDNS Recursor for my DNS. Is there a way I can configure PowerDNS
> Recursor so that certain domains (like Netflix) respond with only A results
> and never return AAAA results, so that I can remove my blackhole routes?
>
> Thanks,
>
> Nick
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
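
Added example, not part of the original thread or of the PowerDNS project: a minimal sketch of the Lua-script option for PowerDNS Recursor, which answers AAAA queries for selected domains with an empty NOERROR (NODATA) response so that clients fall back to the A records. The domain list and the script location are assumptions; the script is loaded through the Recursor's `lua-dns-script` setting.

```lua
-- Added example for PowerDNS Recursor; load it with
--   lua-dns-script=<path to this file>
-- Assumption: the domain list below is illustrative. Adjust it to the
-- names your clients actually query.

-- Suffix-match set: adding "netflix.com" also matches www.netflix.com
-- and every other name underneath it.
local v4only = newDS()
v4only:add("netflix.com")
v4only:add("nflxvideo.net")  -- assumed additional streaming domain

-- preresolve runs before the Recursor performs any resolution work.
function preresolve(dq)
  if dq.qtype == pdns.AAAA and v4only:check(dq.qname) then
    -- NOERROR with no records added: the client sees "no AAAA here"
    -- and uses the A record instead.
    dq.rcode = pdns.NOERROR
    return true   -- answer handled by the script, skip normal resolution
  end
  return false    -- all other queries resolve normally
end
```

Queries for other record types, and AAAA queries for every domain outside the set, are untouched, so IPv6 keeps working for the rest of the network without any black hole routes.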