unbound-no-aaaa vs 'private-address: 0::0/0'

[phizev]

Would adding private-address: 0::0/0 to unbound.conf not accomplish the same as unbound-no-aaaa without relying on using the python module?

[bezerker]

Just to confirm, the above line does prevent AAAA lookups and solves my needs I wanted to use this python addon for.

Thank you both @phizev and @berstend .

[phizev]

So to answer my own question, the difference is in time taken to respond to the query. private-address: 0::0/0 doesn't stop the query from being done. The query is done, and then the result is blocked from being sent back to the client. The python module here stops the query from being made in the first place (I believe), so it's much faster to get software to move on.

While private-address: 0::0/0 stops clients from getting results for AAAA addresses, the time it takes to do so can be ... painful, and wasteful of processing power/cache. Though, it works with a stock set up on a router with constrained flash.

[rozhuk-im]

local-zone: "google.com"			typetransparent
local-data: "google.com				30	IN AAAA	::0"
local-data: "www.google.com			30	IN AAAA	::0"

or

local-zone: "google.com"			block_aaaa

after NLnetLabs/unbound#884 get merged

[mmiller7]

Anyone know why "private-address: ::/0" seems to cause SERVFAIL responses that then makes some clients think there's no internet even though its returning IPv4 addresses perfectly?