Is it possible to not resolve ipv6 certain dns domains?
-
Hi,
I'm in a kind of a pickle.
A customer wants to give us access to their Atera instance.
They have ip filtering enabled and whitelisted our external ipv4 address.
When we try to connect we get rejected since atera resolves as ipv6 and we use ipv6 to reach atera.
Atera, in their infinite wisdom, does not support whitelisting ipv6 addresses.
SO, is there a way to make pfsense only resolve ipv4 for certain domains?
Alternatively can I make a policy route that forces ipv4 for certain domains?
Regards, Lars
-
@Lazer13 said in Is it possible to not resolve ipv6 certain dns domains?:
SO, is there a way to make pfsense only resolve ipv4 for certain domains?
and block AAAA requests?
pfSense, aka the resolver will do its job as asked.
You could probably do something with domain overrides or install pfBlockerNG and use this option, as it was included just for that: block AAAA requests of all domain names listed.
Edit: No, forget about host overrides.
You probably have to pick the correct unbound config settings, see https://nlnetlabs.nl/documentation/unbound/unbound.conf/ -
Awesome, thanks!
Didn't notice that feature of pfblocker before. Will try it :) -
It works flawlessly. Very nice.
Unfortunately I still get an error trying to log in to Atera but now I know ipv6 is not to blame :) -
Sorry, this is probably a dumb question, but where exactly do I find these settings? I installed pfblockerng but didn't find anything like this in the settings ...
-
It's only easy once you know. :)
Go into DNSBL and enable "no AAAA".
When you enable it you get a new section called Python no AAAA List.
Domains you put there will only resolve IPv4. -
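A client-side check for the no AAAA list described in this post, added here as an example and not part of the thread or of pfBlockerNG: it confirms that listed names come back IPv4-only while a control name still returns AAAA. The domain names, the `CONSTRUCTED_ZONE` data and the `fake_resolve` stand-in are constructed so it runs offline, and it assumes a filtered name simply yields no IPv6 address from the system resolver.

```python
import socket

# Constructed sample data: which record types a pretend resolver returns per name.
CONSTRUCTED_ZONE = {
    "filtered.example": {"A"},           # on the no-AAAA list, filter working
    "leaky.example": {"A", "AAAA"},      # on the list, but AAAA still answered
    "dualstack.example": {"A", "AAAA"},  # not on the list (control)
}

def fake_resolve(host, port, family=0, type=0):
    """Offline stand-in with the same call shape as socket.getaddrinfo."""
    label = "A" if family == socket.AF_INET else "AAAA"
    if label not in CONSTRUCTED_ZONE.get(host, ()):
        raise socket.gaierror(socket.EAI_NONAME, "no address for this family")
    addr = "192.0.2.10" if label == "A" else "2001:db8::10"
    return [(family, type, 6, "", (addr, 0))]

def families(host, resolve=socket.getaddrinfo):
    """Return the record types ('A', 'AAAA') the resolver yields for host."""
    found = set()
    for label, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            if resolve(host, None, family, socket.SOCK_STREAM):
                found.add(label)
        except socket.gaierror:
            pass  # no address of this family, or the name does not exist
    return found

def audit(listed, controls, resolve=socket.getaddrinfo):
    """Listed names must be IPv4-only; controls show AAAA is untouched elsewhere."""
    report = {}
    for host in listed:
        fam = families(host, resolve)
        if "AAAA" in fam:
            report[host] = "FAIL: AAAA still returned"
        elif "A" in fam:
            report[host] = "ok: IPv4 only"
        else:
            report[host] = "FAIL: does not resolve at all"
    for host in controls:
        fam = families(host, resolve)
        report[host] = "ok: AAAA intact" if "AAAA" in fam else "note: no AAAA"
    return report

if __name__ == "__main__":
    # Drop the fake_resolve argument to query the live system resolver instead.
    result = audit(["filtered.example", "leaky.example", "missing.example"],
                   ["dualstack.example"], fake_resolve)
    for name, verdict in result.items():
        print(f"{name:20} {verdict}")
```

Run it on a client that uses pfSense as its resolver; a cached AAAA answer on the client can make a listed name fail until the cache expires.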
Thank you for trying to help. I'm feeling kinda dumb right now.
I select Firewall - pfBlockerNG. I now see a menu line with items General, IP, DNSBL, etc. There I select DNSBL and get a configuration screen. Neither in this nor in any of its three subscreens is there an item "AAAA". I even searched for the string.
Maybe there is a problem with my configuration? I let the wizard create a default configuration after I installed pfBlockerNG yesterday. After this in the services widget the entry pfb_filter is shown as running, whereas the entry pfb_dnsbl is not. I cannot start this service from the widget.
I must be missing something totally obvious.
-
Switch from the old 'unbound' mode (see image) to the new Python mode.
-