Is it possible to not resolve ipv6 certain dns domains?

Reply to Is it possible to not resolve ipv6 certain dns domains? on Mon, 14 Oct 2024 07:27:36 GMT

-flo- 0 — Mon, 14 Oct 2024 07:27:36 GMT

@Gertjan

This does it!

Thank you all, you are may today's champions!

Reply to Is it possible to not resolve ipv6 certain dns domains? on Mon, 14 Oct 2024 07:20:44 GMT

Gertjan — Mon, 14 Oct 2024 07:20:44 GMT

@flo-0

Switch from the old 'unbound' mode (see image) to the new Python mode.

Reply to Is it possible to not resolve ipv6 certain dns domains? on Mon, 14 Oct 2024 07:17:18 GMT

-flo- 0 — Mon, 14 Oct 2024 07:17:18 GMT

@Lazer13

Thank you for trying to help. I'm feeling kinda dumb right now.

I select Firewall - pfBlockerNG. I now see a menu line with items General, IP, DNSBL, etc. There I select DNSBL and get a configuration screen. Neither in this nor in any of its three subscreens there is an item "AAAA". I even searched for the string.

Maybe there is a problem with my configuration? I let the wizard create a default configuration after I installed pfBlockerNG yesterday. After this in the services widget the entry pfb_filter is shown as running, whereas the entry pfb_dnsbl is not. I cannot start this service from the widget.

I must be missing something totally obvious.

Reply to Is it possible to not resolve ipv6 certain dns domains? on Mon, 14 Oct 2024 06:33:39 GMT

Lazer13 — Mon, 14 Oct 2024 06:33:39 GMT

It's only easy once you know. :)

Go into DNSBL and enable "no AAAA".
When you enable it you get a new section called Python no AAAA List.
Domains you put there will only resolve IPv4.

Reply to Is it possible to not resolve ipv6 certain dns domains? on Sun, 13 Oct 2024 19:06:20 GMT

-flo- 0 — Sun, 13 Oct 2024 19:06:20 GMT

Sorry, this is probably a dumb question, but where exactly do I find these settings? I installed pfblockerng but didn't find anything like this in the settings ...

Reply to Is it possible to not resolve ipv6 certain dns domains? on Wed, 25 Sep 2024 09:03:39 GMT

Lazer13 — Wed, 25 Sep 2024 09:03:39 GMT

It works flawlessly. Very nice.
Unfortunately I still get error trying to login to atera but now I know ipv6 is not to blame :)

Reply to Is it possible to not resolve ipv6 certain dns domains? on Wed, 25 Sep 2024 08:56:21 GMT

Lazer13 — Wed, 25 Sep 2024 08:56:21 GMT

Awesome, thanks!
Didn't notice that feature of pfblocker before. Will try it :)

Reply to Is it possible to not resolve ipv6 certain dns domains? on Mon, 23 Sep 2024 14:50:40 GMT

Gertjan — Mon, 23 Sep 2024 14:50:40 GMT

@Lazer13 said in Is it possible to not resolve ipv6 certain dns domains?:

SO, is there a way to make pfsense only resolve ipv4 for certain domains?

and block AAAA request ?
pfSense, aka the resolver will do its job as asked.
~~You could probably do something with domain overrides~~ or install pfBlockerng and use this option :

as it was included just for that : block AAAA requests of all domain names listed.

edit : Non, forget about host overrides.
You probably have to pick the correct unbound's config settings, see https://nlnetlabs.nl/documentation/unbound/unbound.conf/ )