
Neither my local networking equipment nor my ISP supports IPv6. While some applications support restricting DNS lookups to IPv4 addresses, others don't, so these applications end up waiting until a timeout is triggered to proceed.

I am using dnsmasq (with network manager) as a local cache server and all the queries are going through it. A lot of posts I've read say that dnsmasq isn't capable of doing that. Can anyone throw some light on the topic?

It wouldn't be a problem if I had to replace my DNS server. I also cannot use external DNS servers.

PS: Any other tricks that will improve my DNS lookup speed are welcome. I have already set precedence for IPv4 in gai.conf but things didn't improve much. Using Debian stretch.

tur1ng
  • Updating those applications in accordance with [RFC 8305](https://tools.ietf.org/html/rfc8305) would be the ideal solution. – kasperd Jan 15 '19 at 17:44
  • It doesn't matter if AAAA record responses come back, if you haven't actually configured a global IPv6 address or default route on your machine. You should remove the global IPv6 address if you haven't actually got IPv6 connectivity. – Michael Hampton Jan 15 '19 at 17:46
  • @MichaelHampton I removed IPv6 addresses globally, but I'm not sure this will help. My problem is that some applications, in my case a Python library, perform lookups for both IP versions (A and AAAA). Dnsmasq forwards them to my router (in case of cache miss) which has a DNS server, but it only gets replies for the IPv4 queries (A). What I want to achieve is configure the dnsmasq to send negative responses to those queries (AAAA) without having to forward the query to the router. I can't modify router firmware... – tur1ng Jan 15 '19 at 20:19
  • Do you mean to say that your router is broken? What is it doing with these AAAA queries? – Michael Hampton Jan 15 '19 at 20:20
  • @MichaelHampton Basically yes. – tur1ng Jan 15 '19 at 20:22
  • @MichaelHampton I have seen routers where AAAA lookups would corrupt the cache in such a way that you couldn't look up an A record for the same domain afterwards. – kasperd Jan 15 '19 at 22:37
  • @JAAAY If the DNS server on the router is defective you can bypass it and send the requests to a working DNS server. Should it turn out that the router cannot route DNS requests between your clients and a working DNS server without corrupting those DNS requests as well, then it's not worthy of being a router and is better repurposed as a paperweight. – kasperd Jan 15 '19 at 22:40
  • Which applications? Also you may be able to achieve that kind of filtering with bind RPZ feature. – Patrick Mevzek Jan 16 '19 at 16:49
  • @kasperd lol, at least it serves the A requests. – tur1ng Jan 17 '19 at 10:03
  • @PatrickMevzek Some Python libraries. I'm not aware of this feature; if you know how I can achieve my goal through it, you are welcome to submit an answer. – tur1ng Jan 17 '19 at 10:06
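
The behaviour asked for in the question and comments (answer AAAA queries locally with an empty reply instead of forwarding them to the router) comes down to the check below. This is an added example, not part of the original thread and not dnsmasq code; the function names are assumptions and the sample query is constructed.

```python
import struct

QTYPE_A, QTYPE_AAAA, CLASS_IN = 1, 28, 1

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal one-question DNS query (constructed sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, CLASS_IN)

def parse_question(packet: bytes):
    """Return (flags, qtype, qclass, end_of_question), or None if unusable."""
    if len(packet) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0xF800 or qdcount != 1:   # a response, non-standard opcode, or odd count
        return None
    pos = 12
    while True:                          # walk the length-prefixed labels of QNAME
        if pos >= len(packet):
            return None
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:                  # compression pointer or invalid label
            return None
        pos += length
    if pos + 4 > len(packet):
        return None
    qtype, qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return flags, qtype, qclass, pos + 4

def negative_aaaa_reply(packet: bytes):
    """Answer IN/AAAA locally with NOERROR and no records; None means forward it."""
    parsed = parse_question(packet)
    if parsed is None:
        return None
    flags, qtype, qclass, end = parsed
    if qtype != QTYPE_AAAA or qclass != CLASS_IN:
        return None
    # QR=1, RA=1, RCODE=0; copy RD from the query. No SOA is attached, so
    # clients accept the empty answer but have no TTL to cache it with.
    reply_flags = 0x8080 | (flags & 0x0100)
    header = packet[:2] + struct.pack("!HHHHH", reply_flags, 1, 0, 0, 0)
    return header + packet[12:end]       # echo the question, zero answer records
```

A forwarder would call `negative_aaaa_reply()` on each incoming datagram and only pass the packet upstream when it returns `None`, so A queries still reach the router unchanged.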
