Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Limit AAAA name resolution for specific hosts

    Scheduled Pinned Locked Moved DHCP and DNS
    9 Posts 2 Posters 793 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pbnet
      last edited by

      Hello,

      I have an O365 subscription with Microsoft, and Skype for Business 2016 is not connecting when using a dual-stack machine (aka IPv4 and IPv6).
      After 4 months of troubleshooting with Microsoft, they still have no clue on how to fix the issue, and, honestly, I'm getting tired on troubleshooting by myself.
      Is there a way I can limit the AAAA resolution for Webdir.online.lync.com so that the name could only be resolved on IPv4?
      Did anyone done such a limitation on PFSense 2.4.2 ?

      Thanks a lot,
      Andy.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Are you using forwarder or resolver in pfsense? dnsmasq or unbound?

        In unbound custom option box
        local-data: "Webdir.online.lync.com IN AAAA ::"

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • P
          pbnet
          last edited by

          I think it's DNSMasq.
          dnsmasq  DNS Forwarder  .

          As far as it looks it's a forwarder using DNSMasq.

          Any ideas ?

          Thanks.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            the default is the resolver.. why would you be using the forwarder?  But sure you can do the same sort of thing in forwarder.

            In the dnsmasq.conf

            server=/Webdir.online.lync.com/#
            address=/Webdir.online.lync.com/::

            should be able to put that in the custom options.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • P
              pbnet
              last edited by

              Thanks a lot johnpoz.
              Works like a charm now.

              1 Reply Last reply Reply Quote 0
              • P
                pbnet
                last edited by

                Sorry to re-open the thread.
                I've switched to DNS Resolver and unbound.
                How do I make the same settings with unbound (DNS Resolver) ?

                Thanks.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Gave you that answer in my first post ;)

                  In unbound custom option box
                  local-data: "Webdir.online.lync.com IN AAAA ::"

                  You most likely will need server: above that..  See screen shot..

                  unbound.png
                  unbound.png_thumb

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • P
                    pbnet
                    last edited by

                    Thanks a lot!!! (again :) )

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      You can do it in the gui too… Just a simple host override.

                      Which should work for both the forwarder or unbound.  Just set it in which one your using..  The command way would be for sure easier if you wanted to block a whole bunch of hosts.. There is a way to do it for a whole domain as well with unbound  python script..  There is a thread around here about that method to fix netflix over HE I think was the problem they were looking to correct with that method.

                      edit:  Here is link to that thread about unbound python script.. Works..  So that is another option for you.
                      https://forum.pfsense.org/index.php?topic=134352.msg737158#msg737158

                      guiway.png
                      guiway.png_thumb

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.