git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Thu, 24 Apr 2025 14:29:11 +0000 (16:29 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Thu, 24 Apr 2025 15:52:28 +0000 (17:52 +0200)
commit	940fa19ad8e63d3dc4398ee9a0a2cad28fa5203d
tree	8c5532e956284e2cf70ccd7ed810a5900add3bb1	tree \| snapshot
parent	0e94339eaf1c8423132debb6b1b485d8bb1bb7da	commit \| diff

MEDIUM: resolvers: add global "dns-accept-family" directive

By default, DNS resolvers accept both IPv4 and IPv6 addresses. This can be
influenced by the "resolve-prefer" keywords on server lines as well as the
family argument to the "do-resolve" action, but that is only a preference,
which does not block the other family from being used when it's alone. In
some environments where dual-stack is not usable, stumbling on an unreachable
IPv6-only DNS record can cause significant trouble as it will replace a
previous IPv4 one which would possibly have continued to work till next
request. The "dns-accept-family" global option permits to enforce usage of
only one (or both) address families. The argument is a comma-delimited list
of the following words:
- "ipv4": query and accept IPv4 addresses ("A" records)
- "ipv6": query and accept IPv6 addresses ("AAAA" records)

When a single family is used, no request will be sent to resolvers for the
other family, and any response for the othe family will be ignored. The
default value is "ipv4,ipv6", which effectively enables both families.

doc/configuration.txt		diff \| blob \| blame \| history
include/haproxy/resolvers-t.h		diff \| blob \| blame \| history
include/haproxy/resolvers.h		diff \| blob \| blame \| history
src/resolvers.c		diff \| blob \| blame \| history