Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add prefer-ip4 and require-ip4/require-ip6 options #165

Closed
nomis opened this issue Feb 19, 2020 · 6 comments
Closed

Add prefer-ip4 and require-ip4/require-ip6 options #165

nomis opened this issue Feb 19, 2020 · 6 comments
Assignees

Comments

@nomis
Copy link

nomis commented Feb 19, 2020

There's a prefer-ip6 option but no corresponding prefer-ip4 option.

Many service providers are unable to consider the reputation of any source address smaller than a /64 but many VPS providers put all customers in the same /64.

This makes it impossible to reliably use IPv6 for outbound connections. For example, sending any email to Google over IPv6 will significantly reduce the likelihood of it being delivered.

When querying DNS blacklists/whitelists that impose a query limit based on source address, the only viable solution at this time is to prefer IPv4 whenever possible.

Ideally I'd like to be able to configure specific zones to be IPv4-only with a require-ip4 option.

@wcawijngaards
Copy link
Member

wcawijngaards commented Feb 25, 2020

Thanks for the issue report, the prefer-ip4 option is in the code base. It is the mirror identical of prefer-ip6. For the require options, not sure how that would work.

@dinguz
Copy link

dinguz commented Sep 18, 2020

It seems that the prefer-ip4 and prefer-ip6 options are not recognised in unbound-control. Is this done on purpose?

root@haanjdj:~ # unbound-control -c /var/unbound/unbound.conf get_option prefer-ip4
error unknown option

@wcawijngaards
Copy link
Member

wcawijngaards commented Sep 18, 2020

You need version 1.11.0 (or later) to have that option prefer-ip4. I guess you are using an older version.

@dinguz
Copy link

dinguz commented Sep 18, 2020

I have 1.11.0, according to unbound-control -h
I'm running OPNsense 20.7.2 BTW.

@wcawijngaards
Copy link
Member

wcawijngaards commented Sep 18, 2020

You are right, that is missing from the code. I added the missing functionality in commit 2541ccb and this should appear in the next release.

@dinguz
Copy link

dinguz commented Sep 18, 2020

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants