Q: Remove AAAA records in DNS queries
My ISP, Verizon FIOS, has yet to support IPv6 addresses. I need to provide IPv6 interoperability and use a Hurricane Electric IPv6 tunnel solution to support IPv6 until Verizon upgrades their services to include IPv6. Netflix recently decided to block requests coming through IPv6 tunnels in their effort to keep proxy servers and tunnels from providing US Content to people outside the US. Unfortunately, Netflix also blocks the small number of legitimate Hurricane Electric customers located in the US that access IPv6 via the HE tunnel. We have two Apple TVs (4th generation) that now cannot access Netflix content because the Apple TVs prioritize AAAA records over A records for connections to Netflix.
Some people get around this by disabling IPv6 on their Airport Extreme or other router, but this kills IPv6 for the entire network. We provide DNS service from several Mac Minis running OS X Server. I would like to modify BIND on one of the OS X Servers so that when DNS requests are made to that one server by the Apple TVs, AAAA records are removed and the Apple TVs only get A records. This approach would isolate the AppleTVs from any IPv6 internet traffic since they would never see AAAA addresses in response to DNS queries provided by one of the Mac Minis.
Has someone modified the DNS server on OS X Server so that AAAA records are removed from DNS requests to that server? If so, can you share what you did?
This would help a lot of early IPv6 adopters that lost Netflix content access when Netflix instituted this policy of blocking content delivery to IPv6 addresses tunneled through IPv4, even though the customers using the tunnel are in the US and are entitled to receive the content as part of their license.
This issue has been reported to Netflix and they have no interest in solving the problem on their end. Completely disabling IPv6 in the router negates having access to the IPv6 services for the entire network, which has worked perfectly for years for all services,including Netflix, until Netflix decided to restrict tunneled IPv6 traffic.
Any solution to share the way to modify the DNS service in a MacMini to remove AAAA records from DNS requests would be deeply appreciated. For the record, the router I use is a CISCO 1921 as the IPv6 endpoint. It works perfectly supporting IPv6 network services to the internet and on the LAN.
Mac mini, OS X Server
Posted on Jun 26, 2016 2:47 PM