I don't understand why you are saying "But /29 prefix is not work." FaceBook is 2a03:2880::/29 and the acl code should handle this.
Mark

[rock:~/git/bind9/xxxxxx] marka% whois -r 2a03:2880::
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '2a03:2880::/29'

% Abuse contact for '2a03:2880::/29' is 'dom...@fb.com'

inet6num: 2a03:2880::/29
netname: IE-FACEBOOK-201100822
country: IE
org: ORG-FIL7-RIPE
admin-c: RD4299-RIPE
tech-c: RD4299-RIPE
status: ALLOCATED-BY-RIR
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: fb-neteng
mnt-routes: fb-neteng
created: 2015-09-24T12:59:37Z
last-modified: 2016-04-14T10:48:51Z
source: RIPE # Filtered

In message <0171a9ab70c54918ab355dc66dda3...@skt-tnetpmx2.skt.ad>, LEE SUKMOON writes:
> Thank you.
>
> Your advice is very well done. Thank you again.
> But /29 prefix is not work. /32 prefix is good work.
>
>
> dns64 64:ff9b::/96 {
>     clients { acl_ipv6; ::1; };
>     exclude {
>         2a03:2880::/32; // Facebook
>     };
> };
>
> root@DNS_STG:/root $ dig @::1 m.facebook.com aaaa +short
> star-mini.c10r.facebook.com.
> 64:ff9b::1f0d:4423
> root@DNS_STG:/root $ dig @::1 m.facebook.com aaaa +short
> star-mini.c10r.facebook.com.
> 64:ff9b::1f0d:4423

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
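
The exclude behaviour discussed in this thread, as an added example that is not part of the original message and is not BIND's code: a simplified Python model of the RFC 6147 rule (AAAA records matching the exclude list are dropped, and synthesis from A happens only when none remain), which also decodes the synthesized address from the dig output. The function names and the sample AAAA records are constructed for illustration.

```python
import ipaddress

PREFIX = ipaddress.ip_network("64:ff9b::/96")  # dns64 prefix from the quoted config

def synthesize(a_record: str) -> str:
    """Embed an IPv4 address in the low 32 bits of the /96 prefix (RFC 6052)."""
    v4 = int(ipaddress.IPv4Address(a_record))
    return str(ipaddress.IPv6Address(int(PREFIX.network_address) | v4))

def embedded_ipv4(aaaa: str) -> str:
    """Recover the IPv4 address carried by a synthesized AAAA under PREFIX."""
    addr = ipaddress.IPv6Address(aaaa)
    if addr not in PREFIX:
        raise ValueError(f"{aaaa} is not inside {PREFIX}")
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))

def dns64_answer(aaaa_rrset, a_rrset, exclude):
    """Drop AAAA records matching `exclude`; synthesize from A only if none remain."""
    nets = [ipaddress.ip_network(n) for n in exclude]
    kept = [r for r in aaaa_rrset
            if not any(ipaddress.IPv6Address(r) in n for n in nets)]
    return kept if kept else [synthesize(a) for a in a_rrset]

# Constructed sample data. The A value is the address embedded in the dig
# output quoted above; both AAAA values are made up for this example.
A_RRSET = ["31.13.68.35"]
IN_SLASH_32 = ["2a03:2880:f10c:83:face:b00c:0:25de"]  # inside /32 and /29
ONLY_IN_SLASH_29 = ["2a03:2881::1"]                   # inside /29, outside /32

if __name__ == "__main__":
    for label, rrset in (("in /32", IN_SLASH_32), ("only in /29", ONLY_IN_SLASH_29)):
        for exclude in (["2a03:2880::/32"], ["2a03:2880::/29"], []):
            print(label, exclude, "->", dns64_answer(rrset, A_RRSET, exclude))
    print("embedded IPv4:", embedded_ipv4("64:ff9b::1f0d:4423"))
```

Because 2a03:2880::/29 spans 2a03:2880:: through 2a03:2887:ffff:..., every address matched by the /32 entry is also matched by the /29 entry, so under this model the /29 form excludes at least as much as the /32 form.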