Unbound AAAA filtering

If you have ever tried to announce an IPv6 prefix into a network without access to the global unicast subnet you will notice many things break as applications assume otherwise. For me this is a problem when announcing a Yggdrasil prefix (200::/7).

Advertising a Yggdrasil prefix

The solution that I've found is to prevent applications from resolving IPv6 addresses by filtering global unicast AAAA records using Unbound.

unbound.conf

ipv6-filter.rpz

Proxied content from gemini://spam.works/users/emery/unbound-filter-aaa.gmi

Gemini request details:

Original URL
gemini://spam.works/users/emery/unbound-filter-aaa.gmi
Status code
Success
Meta
text/gemini
Proxied by
kineto

Be advised that no attempt was made to verify the remote SSL certificate.