dns64: Fall back to plain AAAA query with synthall but no A records

Networks which only have tunneled IPv6 access but still want to go
IPv6-only internally can use unbound's DNS64 module together with the
dns64-synthall or dns64-ignore-aaaa options to direct most traffic (any
dualstack domain) to their NAT64.

There is only one problem with this setup, currently domains with only AAAA
records will fail to resolve.

To allow for this use-case arrange for the A sub-query to make the AAAA
super query advance along the module stack when no records are returned.

Signed-off-by: Daniel Gröber <dxld@darkboxed.org>

diff --git a/dns64/dns64.c b/dns64/dns64.c
index 178427479b0eb8c38128ff0911e2edc40f7fa95e..10e7512a9a72887f7d5dabc57eb2ffa709a0d13e 100644 (file)
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -982,6 +982,17 @@ dns64_inform_super(struct module_qstate* qstate, int id,
                return;
        }
 
+       /* When no A record is found for synthesis fall back to AAAA again. */
+       if (qstate->qinfo.qtype == LDNS_RR_TYPE_A &&
+           qstate->return_rcode == LDNS_RCODE_NOERROR &&
+           !( qstate->return_msg &&
+              qstate->return_msg->rep &&
+              reply_find_answer_rrset(&qstate->qinfo, qstate->return_msg->rep)))
+       {
+               super_dq->state = DNS64_INTERNAL_QUERY;
+               return;
+       }
+
        /* Use return code from A query in response to client. */
        if (super->return_rcode != LDNS_RCODE_NOERROR)
                super->return_rcode = qstate->return_rcode;