• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Limit AAAA name resolution for specific hosts

Scheduled Pinned Locked Moved DHCP and DNS
9 Posts 2 Posters 838 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • P
    pbnet
    last edited by Dec 11, 2017, 6:38 AM

    Hello,

    I have an O365 subscription with Microsoft, and Skype for Business 2016 is not connecting when using a dual-stack machine (aka IPv4 and IPv6).
    After 4 months of troubleshooting with Microsoft, they still have no clue on how to fix the issue, and, honestly, I'm getting tired on troubleshooting by myself.
    Is there a way I can limit the AAAA resolution for Webdir.online.lync.com so that the name could only be resolved on IPv4?
    Did anyone done such a limitation on PFSense 2.4.2 ?

    Thanks a lot,
    Andy.

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Dec 11, 2017, 9:05 AM

      Are you using forwarder or resolver in pfsense? dnsmasq or unbound?

      In unbound custom option box
      local-data: "Webdir.online.lync.com IN AAAA ::"

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • P
        pbnet
        last edited by Dec 11, 2017, 1:26 PM

        I think it's DNSMasq.
        dnsmasq  DNS Forwarder  .

        As far as it looks it's a forwarder using DNSMasq.

        Any ideas ?

        Thanks.

        1 Reply Last reply Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Dec 11, 2017, 1:58 PM

          the default is the resolver.. why would you be using the forwarder?  But sure you can do the same sort of thing in forwarder.

          In the dnsmasq.conf

          server=/Webdir.online.lync.com/#
          address=/Webdir.online.lync.com/::

          should be able to put that in the custom options.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • P
            pbnet
            last edited by Dec 11, 2017, 6:59 PM

            Thanks a lot johnpoz.
            Works like a charm now.

            1 Reply Last reply Reply Quote 0
            • P
              pbnet
              last edited by Dec 26, 2017, 9:09 PM

              Sorry to re-open the thread.
              I've switched to DNS Resolver and unbound.
              How do I make the same settings with unbound (DNS Resolver) ?

              Thanks.

              1 Reply Last reply Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Dec 27, 2017, 3:10 AM

                Gave you that answer in my first post ;)

                In unbound custom option box
                local-data: "Webdir.online.lync.com IN AAAA ::"

                You most likely will need server: above that..  See screen shot..

                unbound.png
                unbound.png_thumb

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • P
                  pbnet
                  last edited by Dec 27, 2017, 9:45 AM

                  Thanks a lot!!! (again :) )

                  1 Reply Last reply Reply Quote 0
                  • J
                    johnpoz LAYER 8 Global Moderator
                    last edited by Dec 27, 2017, 10:26 AM Dec 27, 2017, 10:23 AM

                    You can do it in the gui too… Just a simple host override.

                    Which should work for both the forwarder or unbound.  Just set it in which one your using..  The command way would be for sure easier if you wanted to block a whole bunch of hosts.. There is a way to do it for a whole domain as well with unbound  python script..  There is a thread around here about that method to fix netflix over HE I think was the problem they were looking to correct with that method.

                    edit:  Here is link to that thread about unbound python script.. Works..  So that is another option for you.
                    https://forum.pfsense.org/index.php?topic=134352.msg737158#msg737158

                    guiway.png
                    guiway.png_thumb

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                      This community forum collects and processes your personal information.
                      consent.not_received