[SOLVED] disable AAAA response for a given domain

Is it possible to configure Pi-hole to return only A and not AAAA for a given domain?
The use case is pretty simple - IPv6 is provided via tunnel (HE broker) and accessing local (== in-country) resources via IPv6 is not desirable.

I believe this would be as simple as setting up that domain to point to the IP address in your host file. This would stop a lookup and simply use that IP you provided for that specific domain.

Would recommend testing to find out.

Also, if you use, say, dnscrypt, you can refuse IPv6 lookups, and it also has a pretty neat cloaking feature (same as using /etc/hosts but is said to handle larger scale host files).

EDIT: In my own testing of this I found looking at my pihole logs it would not do a recursive lookup and use whatever was in my host file.

You're probably talking about a host[name], but I'm talking about a domain, to be more specific - a country TLD, like .fr or .pl for example.

Create a line like

address=/tld/::

in a custom file in /etc/dnsmasq.d (e.g., /etc/dnsmasq.d/99-AAAA.conf).

This will return :: for all AAAA requests to tld and whatever is below this domain. You need to fully restart pihole-FTL for new configuration lines to be loaded/parsed.

2 Likes

That does not work for me.
In the log:

query[A] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is NODATA-IPv4
query[AAAA] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is ::

Well, :: effectively means that the destination address is not routable and hence network requests never leave your local network. I thought that this is about what you wanted to achieve, no?

Yes, this is what I need for v6 only. However, as you can see from my earlier example, A query failed as well:

query[A] www.xxxx.xx from 192.168.x.x
config www.xxxx.xx is NODATA-IPv4

At the moment I'm getting the desired result with unbound with the magic python script [running on pfSense].
Will be great to have something similar on Pi-hole directly. Please don't suggest to install unbound :wink:

Ah, so you could add something like

server=/tld/8.8.8.8
address=/tld/::

(replace 8.8.8.8 by your preferred DNS provider).

This will make your Pi-hole ask for all records except for AAAA, for which it already knows the answer (::).

3 Likes

Everything turned out so simple :smile:
This works, thank you so much, @DL6ER
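Added example, not part of the thread: a Python check over dnsmasq/Pi-hole query-log lines that separates the broken state reported above (A answered as NODATA-IPv4 when only address=/tld/:: is set) from the working one (server= plus address=). The function name `audit`, the name www.example.pl and the sample log lines are constructed for illustration; the `forwarded` and `reply` lines follow dnsmasq's query-log wording.

```python
import ipaddress
import re
from collections import defaultdict

# dnsmasq answer lines look like "<source> <name> is <value>"; a syslog prefix is ignored.
ANSWER = re.compile(r"\b(config|reply|cached) (\S+) is (\S+)")
# Constructed samples: only address=/pl/:: set, then server=/pl/8.8.8.8 added as well.
SAMPLE_BROKEN = """\
query[A] www.example.pl from 192.168.1.10
config www.example.pl is NODATA-IPv4
query[AAAA] www.example.pl from 192.168.1.10
config www.example.pl is ::
"""
SAMPLE_FIXED = """\
query[A] www.example.pl from 192.168.1.10
forwarded www.example.pl to 8.8.8.8
reply www.example.pl is 192.0.2.10
query[AAAA] www.example.pl from 192.168.1.10
config www.example.pl is ::
"""

def audit(log_text, suffix):
    """Map each logged name under `suffix` to a verdict on its A/AAAA handling."""
    seen = defaultdict(set)
    for m in ANSWER.finditer(log_text):
        source, name, value = m.groups()
        if not (name == suffix or name.endswith("." + suffix)):
            continue
        if source == "config" and value == "NODATA-IPv4":
            seen[name].add("a_nodata")         # A answered locally with no data
        elif source == "config" and value == "::":
            seen[name].add("aaaa_suppressed")  # address=/tld/:: took effect
        else:
            try:
                ip = ipaddress.ip_address(value)
            except ValueError:
                continue                       # NXDOMAIN, <CNAME>, and similar
            seen[name].add("a_answered" if ip.version == 4 else "aaaa_answered")
    verdicts = {}
    for name, flags in seen.items():
        if "a_nodata" in flags:
            verdicts[name] = "A broken"        # address= present, server= missing
        elif "aaaa_answered" in flags:
            verdicts[name] = "AAAA leaking"    # a real IPv6 address was returned
        elif {"aaaa_suppressed", "a_answered"} <= flags:
            verdicts[name] = "ok"
        else:
            verdicts[name] = "incomplete"      # only one record type seen so far
    return verdicts
```

Run it over the log after restarting pihole-FTL and querying a few names under the TLD; any verdict other than "ok" or "incomplete" means the two config lines are not both in effect.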