You could run unbound on the squid host (or elsewhere) and use this config to drop all AAAA requests. It utilises unbound's ability to include custom python scripts.
https://github.com/berstend/unbound-no-aaaa Configure unbound to forward all other DNS requests to your existing nameservers and reconfigure squid to use unbound via the dns_nameservers directive. On Thu, Jun 10, 2021 at 11:58 AM Amos Jeffries <squ...@treenet.co.nz> wrote: > On 10/06/21 11:42 am, Alex Rousskov wrote: > > On 6/9/21 6:16 PM, Ambrose Li wrote: > >> On Wed, Jun 09, 2021 at 12:05:40PM -0400, Alex Rousskov wrote: > >>> Not that I know of. You can implement this logic inside a custom DNS > >>> resolver script, or you can reconfigure Squid whenever your outgoing > >>> addresses change, but I understand that you are looking for a better > >>> solution. > > > >> What are the current recommendations for custom DNS resolver scripts? > > > > I was talking about a custom script that implements a custom DNS > > resolver. With modern libraries, it takes a few lines of code to write a > > basic one. This kind of resolver does not resolve most of the names, but > > forwards queries to another/real resolver, adapting the queries and/or > > the answers as needed. > > > > For an oversimplified example, such a script can respond to all AAAA > > queries (with answers containing no records) while forwarding all A > > queries to a "real" resolver. > > > > Should be no need for any custom scripts or Squid config at all for this. > > The Bind9 filter-aaaa* feature does it already without wasting network > bandwidth delivering ignored response fields. Other recursive resolvers > should all have equivalent features too. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
