Yes, I’m an IPv6 fan and I strive to reach a good balance between running my self-hosted services on an IPv4 / IPv6 dual-stack and simplicity of configuration and maintenance. One service that had some issues in the past with IPv6 was OpenVPN. Perhaps things have gotten better but when I first installed the service many years ago, getting IPv6 through the tunnel just didn’t work. So I have an IPv4-only OpenVPN server at home and I have to make sure there is no IPv6 ‘leakage’ outside the tunnel if the local connectivity offers IPv6.
The answer to the problem was to install the bind9 DNS server and send configuration information to client devices during the VPN tunnel establishment to only use this DNS server. To prevent IPv6 leakage, I configured that DNS server to send empty responses to AAAA DNS requests. The fun part: This seems to be an ‘unloved’ feature in bind9 and so the way this is configured has changed every time I made an Ubuntu OS upgrade. So here’s how to configure bind9 to send empty answers to IPv6 AAAA requests: