Limit AAAA name resolution for specific hosts
-
Hello,
I have an O365 subscription with Microsoft, and Skype for Business 2016 is not connecting when using a dual-stack machine (aka IPv4 and IPv6).
After 4 months of troubleshooting with Microsoft, they still have no clue on how to fix the issue, and, honestly, I'm getting tired on troubleshooting by myself.
Is there a way I can limit the AAAA resolution for Webdir.online.lync.com so that the name could only be resolved on IPv4?
Did anyone done such a limitation on PFSense 2.4.2 ?Thanks a lot,
Andy.
-
Are you using forwarder or resolver in pfsense? dnsmasq or unbound?
In unbound custom option box
local-data: "Webdir.online.lync.com IN AAAA ::"
-
I think it's DNSMasq.
dnsmasq DNS Forwarder .As far as it looks it's a forwarder using DNSMasq.
Any ideas ?
Thanks.
-
the default is the resolver.. why would you be using the forwarder? But sure you can do the same sort of thing in forwarder.
In the dnsmasq.conf
server=/Webdir.online.lync.com/#
address=/Webdir.online.lync.com/::should be able to put that in the custom options.
-
Thanks a lot johnpoz.
Works like a charm now.
-
Sorry to re-open the thread.
I've switched to DNS Resolver and unbound.
How do I make the same settings with unbound (DNS Resolver) ?Thanks.
-
Gave you that answer in my first post ;)
In unbound custom option box
local-data: "Webdir.online.lync.com IN AAAA ::"You most likely will need server: above that.. See screen shot..
-
Thanks a lot!!! (again :) )
-
You can do it in the gui too… Just a simple host override.
Which should work for both the forwarder or unbound. Just set it in which one your using.. The command way would be for sure easier if you wanted to block a whole bunch of hosts.. There is a way to do it for a whole domain as well with unbound python script.. There is a thread around here about that method to fix netflix over HE I think was the problem they were looking to correct with that method.
edit: Here is link to that thread about unbound python script.. Works.. So that is another option for you.
https://forum.pfsense.org/index.php?topic=134352.msg737158#msg737158
