Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Limit AAAA name resolution for specific hosts

    DHCP and DNS
    2
    9
    526
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pbnet last edited by

      Hello,

      I have an O365 subscription with Microsoft, and Skype for Business 2016 is not connecting when using a dual-stack machine (aka IPv4 and IPv6).
      After 4 months of troubleshooting with Microsoft, they still have no clue on how to fix the issue, and, honestly, I'm getting tired on troubleshooting by myself.
      Is there a way I can limit the AAAA resolution for Webdir.online.lync.com so that the name could only be resolved on IPv4?
      Did anyone done such a limitation on PFSense 2.4.2 ?

      Thanks a lot,
      Andy.

      1 Reply Last reply Reply Quote 0
      • johnpoz
        johnpoz LAYER 8 Global Moderator last edited by

        Are you using forwarder or resolver in pfsense? dnsmasq or unbound?

        In unbound custom option box
        local-data: "Webdir.online.lync.com IN AAAA ::"

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

        1 Reply Last reply Reply Quote 0
        • P
          pbnet last edited by

          I think it's DNSMasq.
          dnsmasq  DNS Forwarder  .

          As far as it looks it's a forwarder using DNSMasq.

          Any ideas ?

          Thanks.

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            the default is the resolver.. why would you be using the forwarder?  But sure you can do the same sort of thing in forwarder.

            In the dnsmasq.conf

            server=/Webdir.online.lync.com/#
            address=/Webdir.online.lync.com/::

            should be able to put that in the custom options.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

            1 Reply Last reply Reply Quote 0
            • P
              pbnet last edited by

              Thanks a lot johnpoz.
              Works like a charm now.

              1 Reply Last reply Reply Quote 0
              • P
                pbnet last edited by

                Sorry to re-open the thread.
                I've switched to DNS Resolver and unbound.
                How do I make the same settings with unbound (DNS Resolver) ?

                Thanks.

                1 Reply Last reply Reply Quote 0
                • johnpoz
                  johnpoz LAYER 8 Global Moderator last edited by

                  Gave you that answer in my first post ;)

                  In unbound custom option box
                  local-data: "Webdir.online.lync.com IN AAAA ::"

                  You most likely will need server: above that..  See screen shot..


                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                  1 Reply Last reply Reply Quote 0
                  • P
                    pbnet last edited by

                    Thanks a lot!!! (again :) )

                    1 Reply Last reply Reply Quote 0
                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      You can do it in the gui too… Just a simple host override.

                      Which should work for both the forwarder or unbound.  Just set it in which one your using..  The command way would be for sure easier if you wanted to block a whole bunch of hosts.. There is a way to do it for a whole domain as well with unbound  python script..  There is a thread around here about that method to fix netflix over HE I think was the problem they were looking to correct with that method.

                      edit:  Here is link to that thread about unbound python script.. Works..  So that is another option for you.
                      https://forum.pfsense.org/index.php?topic=134352.msg737158#msg737158


                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post