Am 01.02.23 um 16:12 schrieb Bjørn Mork:
This sort of "works" for me (although very broken by design, as already
noted):
Thank you for providing a work around and testing it.
I am still not convinced that the filter-a harms less when a real
is provided instead of the synthesized. It bre
Thank you for your answers.
Of course dns64 breaks dnssec, like any other manipulation of dns
resource records.
But it doesn't mean that filtering A records breaks dns64, it still only
breaks dnssec.
So filtering A records and dnssec is mutually exclusive.
I know almost all popular dual stac
Am Dienstag, 31. Januar 2023, 20:03:42 CET schrieb Marco:
>
> Why would it make sense to block them?
Avoiding wrong decisions by "happy eyeballs" - probably the same rare reasons
why isc introduced the filter yeas ago - in theory there is no reason to
block nor A. But blocking A depe
istributions.
My experience until now: the a record filter doesn't break anything, but it
make some apps working without clat - so at least some windows and linux
apps.
Now I am testing the usefulness of bind. In the recent state it isn't useful.
Regards
Thomas Schäfer
--
Vi
Hi,
I use tumbleweed for testing, since compiling bind is hard(at least for me).
bind version: 9.18.11
options {
dns64 64:ff9b::/96 {
clients { any; };
recursive-only yes;
mapped { !10/8; any; };
};
};
plugin query "filter-a.so" {
filt
5 matches
Mail list logo
