Unbound overrides - for AAAA records only

Started by mihak, October 15, 2020, 10:44:13 PM

I want to selectively override AAAA record resolution for Netflix domains yet keep A record resolution intact - as described in this GitHub gist. Yes, I use Tunnelbroker for IPv6 and still want to use Netflix...


The problem is that the Unbound overrides in OPNsense are impacting both A and AAAA at the same time; if I redirect netflix.com to ::, the override will work for both A and AAAA requests, as tested by dig commands:
dig @192.168.1.1 netflix.com AAAA
dig @192.168.1.1 netflix.com A


Am I doing it wrong? Is this by design for the current Unbound implementation? Any idea how to achieve the desired result of overriding AAAA but not A records?

To provide more details for reproduction:
- create a single override in Services/Unbound/Overrides:

Host: *
Domain: netflix.com
Type: A or AAAA
IP: ::

Here are the dig results before the entry:

dig @192.168.1.1 netflix.com AAAA

; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 netflix.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7685
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;netflix.com.                   IN      AAAA

;; ANSWER SECTION:
netflix.com.            21      IN      AAAA    2620:108:700f::3424:eece
netflix.com.            21      IN      AAAA    2620:108:700f::340b:d31a
netflix.com.            21      IN      AAAA    2620:108:700f::22d8:7a24
netflix.com.            21      IN      AAAA    2620:108:700f::22d1:16ca
netflix.com.            21      IN      AAAA    2620:108:700f::342b:d6c4
netflix.com.            21      IN      AAAA    2620:108:700f::23a1:2008
netflix.com.            21      IN      AAAA    2620:108:700f::341a:4fae
netflix.com.            21      IN      AAAA    2620:108:700f::3427:1a02




dig @192.168.1.1 netflix.com A


; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 netflix.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23065
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;netflix.com.                   IN      A


;; ANSWER SECTION:
netflix.com.            20      IN      A       52.33.157.25
netflix.com.            20      IN      A       52.25.226.150
netflix.com.            20      IN      A       54.187.176.196
netflix.com.            20      IN      A       52.11.104.17
netflix.com.            20      IN      A       35.161.95.70
netflix.com.            20      IN      A       34.208.21.204
netflix.com.            20      IN      A       34.216.180.180
netflix.com.            20      IN      A       34.215.127.206


And after the entry:
dig @192.168.1.1 netflix.com A


; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 netflix.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;netflix.com.                   IN      A


;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Oct 15 13:47:01 PDT 2020
;; MSG SIZE  rcvd: 40


dig @192.168.1.1 netflix.com AAAA


; <<>> DiG 9.16.1-Ubuntu <<>> @192.168.1.1 netflix.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8831
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;netflix.com.                   IN      AAAA


;; ANSWER SECTION:
netflix.com.            3600    IN      AAAA    ::


;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Oct 15 13:47:12 PDT 2020
;; MSG SIZE  rcvd: 68



Clearly a single override impacted both AAAA and A records.
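
A check for the symptom shown in the dig output above, as an added example that is not part of the original post: it parses dig text and reports the case where the AAAA query is answered from an override while the A query for the same name comes back as an authoritative empty answer. The function names are hypothetical, the sample strings are trimmed from the output in the post, and reading the `aa` flag from a recursive resolver as "answered from local override data" is an assumption of this example.

```python
import re

# Sample responses trimmed from the dig output in the post above.
AFTER_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6521
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;netflix.com.                   IN      A
"""
AFTER_AAAA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8831
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;netflix.com.                   IN      AAAA
netflix.com.            3600    IN      AAAA    ::
"""
BEFORE_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23065
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;netflix.com.                   IN      A
"""

def parse_dig(text):
    """Extract status, header flags, answer count and question from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    hdr = re.search(r"flags: ([a-z ]+); QUERY: \d+, ANSWER: (\d+)", text)
    question = re.search(r"^;(\S+)[ \t]+IN[ \t]+(\S+)[ \t]*$", text, re.M)
    return {"status": status, "flags": set(hdr.group(1).split()),
            "answers": int(hdr.group(2)),
            "qname": question.group(1), "qtype": question.group(2)}

def classify(resp):
    """Label one response: resolved upstream, overridden, or suppressed."""
    # Assumption: the resolver is not authoritative for the name, so an
    # 'aa' flag means the reply was built from local override data.
    if "aa" not in resp["flags"]:
        return "resolved"
    if resp["status"] == "NOERROR" and resp["answers"] == 0:
        return "suppressed"  # authoritative empty answer (NODATA)
    return "overridden"

def a_record_clobbered(a_text, aaaa_text):
    """True when an AAAA override also emptied the A answer for the same name."""
    a, aaaa = parse_dig(a_text), parse_dig(aaaa_text)
    return (a["qname"] == aaaa["qname"] and a["qtype"] == "A"
            and aaaa["qtype"] == "AAAA" and classify(aaaa) == "overridden"
            and classify(a) == "suppressed")

if __name__ == "__main__":
    print(a_record_clobbered(AFTER_A, AFTER_AAAA))   # post-override pair
    print(a_record_clobbered(BEFORE_A, AFTER_AAAA))  # A still resolving
```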