Erich Eckner
2018-11-30 11:04:35 UTC
Hi,
I'm running a bind9 name server (9.13.4 on debian) which forwards some
zone (onion.) to tor's name server. Unfortunately, tor's name server
only answers A and AAAA requests, but not e.g. ANY requests.
192.168.1.3 is running the tor dns,
192.168.1.13 is running bind9 forwarding to 192.168.1.3:9053
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion ANY
;; Connection to 192.168.1.3#9053(192.168.1.3) for
3g2upl4pq6kufc4m.onion failed: connection refused.
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion A
10.255.55.223
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion AAAA
febe:5163:d2b9:98aa:345b:ee04:2c32:d10e
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion ANY
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion A
10.255.55.223
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion AAAA
febe:5163:d2b9:98aa:345b:ee04:2c32:d10e
Is there any option:
- to make bind fall back to A or AAAA when the ANY request fails (even
the connection fails!) or
- to only forward requests of certain type(s) or
- to answer ANY requests _always_ with A or AAAA records (not trying if
the ANY request can be forwarded successfully), possibly for certain
zones only?
Sry, if that has been asked before, but I seem unable to find anything
useful on the internet, since "ANY" is not a good search term ;-) and
without "ANY" I only turn up how to set bind to ipv4/ipv6-only.
regards,
Erich
I'm running a bind9 name server (9.13.4 on debian) which forwards some
zone (onion.) to tor's name server. Unfortunately, tor's name server
only answers A and AAAA requests, but not e.g. ANY requests.
192.168.1.3 is running the tor dns,
192.168.1.13 is running bind9 forwarding to 192.168.1.3:9053
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion ANY
;; Connection to 192.168.1.3#9053(192.168.1.3) for
3g2upl4pq6kufc4m.onion failed: connection refused.
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion A
10.255.55.223
$ dig +short @192.168.1.3 -p9053 3g2upl4pq6kufc4m.onion AAAA
febe:5163:d2b9:98aa:345b:ee04:2c32:d10e
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion ANY
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion A
10.255.55.223
$ dig +short @192.168.1.13 3g2upl4pq6kufc4m.onion AAAA
febe:5163:d2b9:98aa:345b:ee04:2c32:d10e
Is there any option:
- to make bind fall back to A or AAAA when the ANY request fails (even
the connection fails!) or
- to only forward requests of certain type(s) or
- to answer ANY requests _always_ with A or AAAA records (not trying if
the ANY request can be forwarded successfully), possibly for certain
zones only?
Sry, if that has been asked before, but I seem unable to find anything
useful on the internet, since "ANY" is not a good search term ;-) and
without "ANY" I only turn up how to set bind to ipv4/ipv6-only.
regards,
Erich