When using Bind9 as DNS service in your own network, it can be helpful to disable IPv6 (AAAA) responses to avoid the client to try to communicate via IPv6 if it hasn't been setup.

When doing a DNS request for a domain which has both IPv4 and IPv6 entries you could have a response like:

❯ host nu.nl
nu.nl has address 2.17.209.162
nu.nl has address 2.17.209.147
nu.nl has IPv6 address 2a02:26f0:da::211:d193
nu.nl has IPv6 address 2a02:26f0:da::211:d1a2
nu.nl mail is handled by 10 alt4.aspmx.l.google.com.
nu.nl mail is handled by 10 alt3.aspmx.l.google.com.
nu.nl mail is handled by 5 alt1.aspmx.l.google.com.
nu.nl mail is handled by 1 aspmx.l.google.com.
nu.nl mail is handled by 5 alt2.aspmx.l.google.com.

To disable IPv6 (AAAA) responses we can filter it out when it is doing a DNS request over IPv4.

To do this we edit /etc/bind/names.conf.options and add the following line near the end in the options section:


filter-aaaa-on-v4 yes;

Once this is done restart Bind9:


service bind9 restart

After this if we do another lookup we will see that the IPv6 entries have been filtered out:

❯ host nu.nl
nu.nl has address 2.17.209.162
nu.nl has address 2.17.209.147
nu.nl mail is handled by 10 alt4.aspmx.l.google.com.
nu.nl mail is handled by 10 alt3.aspmx.l.google.com.
nu.nl mail is handled by 5 alt1.aspmx.l.google.com.
nu.nl mail is handled by 1 aspmx.l.google.com.
nu.nl mail is handled by 5 alt2.aspmx.l.google.com.

Stephan Wijman • 23 Articles

View Articles