[SOLVED] disable AAAA response for a given domain

AndrewZ · September 25, 2018, 5:02pm

Is it possible to configure Pi-hole to return only A and not AAAA for a given domain?
The use case is pretty simple - IPv6 is provided via tunnel (HE broker) and accessing local (== in-country) resources via IPv6 is not desirable.

mrpink57 · September 26, 2018, 5:20pm

I believe this would be as simple as setting up that domain to point to the IP address in your host file. This would stop a lookup and simply use that IP you provided for that specific domain.

Would recommend testing to find out.

Also if you use say dnscrypt you can refuse ipv6 lookups and it also has a pretty neat cloaking feature (same as using /etc/hosts but is said to handle larger scale host files).

EDIT: In my own testing of this I found looking at my pihole logs it would not do a recursive lookup and use whatever was in my host file.

AndrewZ · September 26, 2018, 5:29pm

You're probably talking about a host[name], but I'm talking about domain, to be more specific - country tld, like .fr or .pl for example.

DL6ER · September 26, 2018, 6:18pm

Create a line like

address=/tld/::

in a custom file in /etc/dnsmasq.d (e.g., /etc/dnsmasq.d/99-AAAA.conf).

This will return :: for all AAAA requests to tld and whatever is below this domain. You need to fully restart pihole-FTL for new configuration lines to be loaded/parsed.

AndrewZ · September 26, 2018, 6:49pm

That does not work for me.
in the log:

query[A] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is NODATA-IPv4
query[AAAA] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is ::

DL6ER · November 11, 2018, 6:51am

Well,

effectively means that the destination address is not routable and hence, network requests do never leave your local network. I thought that this is about what you wanted to achieve, no?

AndrewZ · November 11, 2018, 8:39pm

Yes, this is what I need for v6 only. However, as you can see from my earlier example, A query failed as well:

query[A] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is NODATA-IPv4

At the moment I'm getting the desired result with unbound with the magic python script [running on pfSense].
Will be great to have something similar on Pi-hole directly. Please don't suggest to install unbound

DL6ER · November 12, 2018, 3:00pm

Ah, so you could add something like

server=/tld/8.8.8.8
address=/tld/::

(replace 8.8.8.8 by your preferred DNS provider).

This will make your Pi-hole ask for all records except for AAAA for which it already knowns the answer (::).

AndrewZ · November 12, 2018, 8:34pm

Everything turned out so simple
This works, thank you so much, @DL6ER