The scenario is this: the host must reach the LAN over IPv4 only, while the virtual machines it hosts must be exposed to the internet over IPv6 only.
The problem: when I bring up a bridge on the IPv6-enabled host, the host starts performing AAAA lookups, which I do not want and which actually cause me connectivity problems.
How can I force the host to always perform A lookups and avoid AAAA entirely?
Answer 1
In the configuration file below, I disable AAAA lookups before bringing up the bridge that configures the IPv6 address.
# /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
#-------------------------------------------------------
# zone: home
# 100Mb ethernet
#-------------------------------------------------------
auto enp2s6
allow-hotplug enp2s6
iface enp2s6 inet static
    address 192.168.1.3
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-search mathminds.io
    dns-nameserver 192.168.1.1
#-------------------------------------------------------
###
## See motivation and additional documentation here:
## https://linuxconfig.org/how-to-use-bridged-networking-with-libvirt-and-kvm
## https://github.com/ossobv/nss-dns4only
###
#-------------------------------------------------------
# zone: public
# 1Gb ethernet
#-------------------------------------------------------
iface enp5s0 inet6 manual
#-------------------------------------------------------
# zone: public (spare network card)
# 1Gb ethernet
#-------------------------------------------------------
iface enp2s5 inet6 manual
auto br4300
iface br4300 inet6 static
    ## attach network interface to the bridge
    bridge_ports enp5s0
    ## assign static IPv6 address to network interface
    address 2001:470:195e:4300::2/64
    gateway 2001:470:195e:4300::1
    ## Install bridge utilities
    pre-up apt install -y bridge-utils uml-utilities | logger
    ## Make sure the host (this computer!) performs only IPv4 DNS queries.
    ## The .deb is fetched once and kept under /root/Downloads; dpkg runs
    ## after a successful download or when the file is already present.
    pre-up mkdir -p /root/Downloads ; \
        [ -f /root/Downloads/libnss-dns4only_0.1-1_amd64.deb ] || \
        wget -q https://github.com/ossobv/nss-dns4only/releases/download/v0.1/libnss-dns4only_0.1-1_amd64.deb \
            -O /root/Downloads/libnss-dns4only_0.1-1_amd64.deb && \
        dpkg -i /root/Downloads/libnss-dns4only_0.1-1_amd64.deb | logger
    ## Disabling netfilter for the bridge (sysctl -w takes key=value with no
    ## spaces; these keys exist only once the br_netfilter module is loaded)
    post-up sysctl -w net.bridge.bridge-nf-call-ip6tables=0
    post-up sysctl -w net.bridge.bridge-nf-call-iptables=0
    post-up sysctl -w net.bridge.bridge-nf-call-arptables=0
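A small verification script to confirm the host really resolves names over IPv4 only after the bridge comes up. This is an added example, not part of the answer above or of the nss-dns4only project; it assumes the module is enabled by listing `dns4only` ahead of `dns` on the `hosts:` line of /etc/nsswitch.conf, and that `getent ahosts` reflects what getaddrinfo() returns through NSS. The two helper functions work on text so they can be exercised offline with constructed input.

```sh
#!/bin/sh
# Added example (not from the original answer). Checks that a host is set up
# for IPv4-only name resolution via nss-dns4only. Assumptions: the hosts: line
# in /etc/nsswitch.conf lists "dns4only" before "dns", and "getent ahosts"
# shows the addresses getaddrinfo() returns.

# nsswitch_is_dns4only TEXT
# Succeeds when the hosts: line in TEXT names dns4only before dns.
nsswitch_is_dns4only() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*hosts:/ {
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i == "dns4only" && !d4) d4 = i
                if ($i == "dns" && !d) d = i
            }
        }
        END { rc = (seen && d4 && (!d || d4 < d)) ? 0 : 1; exit rc }'
}

# addrs_are_ipv4_only TEXT
# TEXT is "getent ahosts" output (address, socket type, name per line).
# Fails if there are no addresses or if any address contains a colon (IPv6).
addrs_are_ipv4_only() {
    printf '%s\n' "$1" | awk '
        NF { n++; if ($1 ~ /:/) v6++ }
        END { rc = (n && !v6) ? 0 : 1; exit rc }'
}

# check_host_v4only NAME: live check against this host's own resolver.
check_host_v4only() {
    nsswitch_is_dns4only "$(cat /etc/nsswitch.conf)" || {
        echo "nsswitch.conf: dns4only is not listed ahead of dns" >&2; return 1; }
    addrs_are_ipv4_only "$(getent ahosts "$1")" || {
        echo "$1 resolved to an IPv6 address (AAAA still in use)" >&2; return 1; }
    echo "$1: IPv4-only resolution confirmed"
}
```

Run it as `check_host_v4only some.hostname` from a post-up hook or by hand; a non-zero exit means either the NSS ordering is wrong or an AAAA answer still reached the resolver.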