FILTER-A(8) BIND 9 FILTER-A(8)
NAME
filter-a - filter A in DNS responses when AAAA is present
SYNOPSIS
plugin query "filter-a.so" [{ parameters }];
DESCRIPTION
filter-a.so is a query plugin module for named, enabling named to omit
some IPv4 addresses when responding to clients.
For example:
plugin query "filter-a.so" {
filter-a-on-v6 yes;
filter-a-on-v4 yes;
filter-a { 192.0.2.1; 2001:db8:2::1; };
};
This module is intended to aid transition from IPv4 to IPv6 by with-
holding IPv4 addresses from DNS clients which are not connected to the
IPv4 Internet, when the name being looked up has an IPv6 address avail-
able. Use of this module is not recommended unless absolutely neces-
sary.
Note: This mechanism can erroneously cause other servers not to give A
records to their clients. If a recursing server with both IPv6 and IPv4
network connections queries an authoritative server using this mecha-
nism via IPv6, it is denied A records even if its client is using IPv4.
OPTIONS
filter-a
This option specifies a list of client addresses for which A
filtering is to be applied. The default is any.
filter-a-on-v6
If set to yes, this option indicates that the DNS client is at
an IPv6 address, in filter-a. If the response does not include
DNSSEC signatures, then all A records are deleted from the re-
sponse. This filtering applies to all responses, not only au-
thoritative ones.
If set to break-dnssec, then A records are deleted even when
DNSSEC is enabled. As suggested by the name, this causes the re-
sponse to fail to verify, because the DNSSEC protocol is de-
signed to detect deletions.
This mechanism can erroneously cause other servers not to give A
records to their clients. If a recursing server with both IPv6
and IPv4 network connections queries an authoritative server us-
ing this mechanism via IPv6, it is denied A records even if its
client is using IPv4.
filter-a-on-v4
This option is identical to filter-a-on-v6, except that it fil-
ters A responses to queries from IPv4 clients instead of IPv6
clients. To filter all responses, set both options to yes.
SEE ALSO
BIND 9 Administrator Reference Manual.
AUTHOR
Internet Systems Consortium
COPYRIGHT
2025, Internet Systems Consortium
9.18.30-0ubuntu0.22.04.2-Ubuntu 2024-09-09 FILTER-A(8)
Generated by dwww version 1.14 on Sun Apr 20 06:26:18 CEST 2025.