[PATCH 1/1] dns64: Fall back to plain AAAA query with synthall but no A records

Yorgos Thessalonikefs yorgos at nlnetlabs.nl
Wed Oct 18 10:17:40 UTC 2023


Hi Daniel,

The change looks good to me.
It does change current behavior but I think that the new behavior (when 
asked to synthesize but no A exists, fall back to the existing AAAA) 
makes sense for a default configuration.

However, I am not a DNS64 operator so if people here feel differently a 
new option could be introduced for that.

I already committed this (and the other patches, thanks!) to the 
repository and an extra option could be introduced in the future if 
people see the need for it.

Best regards,
-- Yorgos

On 09/10/2023 14:46, Daniel Gröber via Unbound-users wrote:
> Networks which only have tunneled IPv6 access but still want to go
> IPv6-only internally can use unbound's DNS64 module together with the
> dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any
> dualstack domain) to their NAT64.
> 
> There is only one problem with this setup: currently domains with only AAAA
> records will fail to resolve.
> 
> To allow for this use-case arrange for the A sub-query to make the AAAA
> super query advance along the module stack when no records are returned.
> 
> Signed-off-by: Daniel Gröber <dxld at darkboxed.org>
> ---
> I kept this initial hacky version as simple as possible, but IMO the
> whole DNS64 module needs a bit of a refactoring to do this cleanly.
> 
> I'm not entirely sure if the fallback behaviour should be controlled
> by a config option or not. I'm open to suggestions.
> 
>   dns64/dns64.c | 11 +++++++++++
>   1 file changed, 11 insertions(+)
> 
> diff --git a/dns64/dns64.c b/dns64/dns64.c
> index b856a86c..3cb60881 100644
> --- a/dns64/dns64.c
> +++ b/dns64/dns64.c
> @@ -981,6 +981,17 @@ dns64_inform_super(struct module_qstate* qstate, int id,
>   		return;
>   	}
>   
> +	/* When no A record is found for synthesis fall back to AAAA again. */
> +	if (qstate->qinfo.qtype == LDNS_RR_TYPE_A &&
> +	    qstate->return_rcode == LDNS_RCODE_NOERROR &&
> +	    !( qstate->return_msg &&
> +	       qstate->return_msg->rep &&
> +	       reply_find_answer_rrset(&qstate->qinfo, qstate->return_msg->rep)))
> +	{
> +		super_dq->state = DNS64_INTERNAL_QUERY;
> +		return;
> +	}
> +
>   	/* Use return code from A query in response to client. */
>   	if (super->return_rcode != LDNS_RCODE_NOERROR)
>   		super->return_rcode = qstate->return_rcode;
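
Review bot: The new early return in dns64_inform_super() changes what dns64-synthall and dns64-ignore-aaaa do for AAAA-only names unconditionally, yet the diffstat shows only dns64/dns64.c touched, so the behaviour change is not documented anywhere an operator of these options would look. Either add a sentence to the option documentation or gate the block behind an option, as the author's note already raises. The comment on the block should also say why setting super_dq->state = DNS64_INTERNAL_QUERY produces the fallback (per the commit message, it makes the AAAA super query advance along the module stack), since the state name alone does not convey that. The condition matches only LDNS_RCODE_NOERROR with no answer rrset, so an A sub-query that ends in any other rcode still takes the existing return-code path below; if that is intended, state it in the comment. Minor style point: "!( qstate->return_msg" has a stray space after the opening parenthesis.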

