Blocking AAAA in Dnsmasq on AsusWRT/Merlin

jarmka

Occasional Visitor
I've found little info on the web about this. None of the commands I found worked. I have come across a patch that adds an option for filtering AAAA in dnsmasq, however: https://gist.github.com/bearice/7d3dc0e63e003d752622

Does anyone have any experience with this kind of thing? Or do you know of a better way?

Some reasons to do so:
https://isc.sans.edu/diary/Command+and+Control+Channels+Using+"AAAA"+DNS+Records/21301

Some wise words I have come across:
PS: Contrary to popular belief here on SF, there are some good reasons to disable IPv6/AAAA on a machine in an IPv4-only network, even where DNS works: Reduce broadcast load; Reduce load on DNS resolvers by almost 50%; Reduce connection start-up times (significantly where DNS caches are laggy); Follow best practices to disable non-functional features to enhance security and stability. Admittedly, if I forget to re-enable IPv6 once it becomes available, then my system becomes IPv4 legacy ballast that impedes IPv6 rollout. One should be allowed to weigh the listed pros against this con.
 

accolito

Occasional Visitor
I replied to you on the other thread; in short:
1) ask @RMerlin to patch the current dnsmasq;
2) use bind instead of dnsmasq (not really a wise choice).
 

jarmka

Occasional Visitor
@ColinTaylor

I have spoken to him. I feel it is an important 'option' giving people room to experiment; I'll keep talking to him.
 