From c1e5e6781ee60ca7136b122b44742b2d035da032 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Gr=C3=B6ber=20via=20Unbound-users?= Date: Mon, 9 Oct 2023 14:46:35 +0200 Subject: [PATCH] dns64: Fall back to plain AAAA query with synthall but no A records MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Networks which only have tunneled IPv6 access but still want to go IPv6-only internally can use unbound's DNS64 module together with the dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any dualstack domain) to their NAT64. There is only one problem with this setup, currently domains with only AAAA records will fail to resolve. To allow for this use-case arrange for the A sub-query to make the AAAA super query advance along the module stack when no records are returned. Signed-off-by: Daniel Gröber --- dns64/dns64.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/dns64/dns64.c b/dns64/dns64.c index 178427479..10e7512a9 100644 --- a/dns64/dns64.c +++ b/dns64/dns64.c @@ -982,6 +982,17 @@ dns64_inform_super(struct module_qstate* qstate, int id, return; } + /* When no A record is found for synthesis fall back to AAAA again. */ + if (qstate->qinfo.qtype == LDNS_RR_TYPE_A && + qstate->return_rcode == LDNS_RCODE_NOERROR && + !( qstate->return_msg && + qstate->return_msg->rep && + reply_find_answer_rrset(&qstate->qinfo, qstate->return_msg->rep))) + { + super_dq->state = DNS64_INTERNAL_QUERY; + return; + } + /* Use return code from A query in response to client. */ if (super->return_rcode != LDNS_RCODE_NOERROR) super->return_rcode = qstate->return_rcode;