# Filter AAAA

The `Filter AAAA` app allows filtering `AAAA` records by returning `NODATA` responses when `A` records for the same domain name are available. This allows clients with dual-stack (IPv4 and IPv6) internet connections to prefer using IPv4 to connect to websites and use IPv6 only when a website has no IPv4 support.

The app is a _post processor_. That means, it modifies a response generated by the DNS server before it is sent to the client.

## Configuration

As any post processor, this app is configured globally in the app settings. Its configuration file is a JSON document which looks like the following:

```
{
  "enableFilterAaaa": true,
  "defaultTtl": 30,
  "bypassLocalZones": false,
  "bypassNetworks": [
    "192.168.1.0/24"
  ],
  "bypassDomains": [
    "example.com"
  ],
  "filterDomains": [
  ]
}
```

The individual settings are:

- `enableFilterAaaa`: when set to `false`, this app is disabled and passes through the original response.

- `defaultTtl`: The default TTL (seconds) to use for the response. This will be used by clients to cache negative response.

- `bypassLocalZones`: when set to `true`, authoritative answers are passed through unmodified.

- `bypassNetworks`: a list of networks. If a request originates from a client in any of the specified networks, the original response is passed through unmodified.

- `bypassDomains` a list of domain names. If a request is for a domain in this list, the original response is passed through unmodified. This includes subdomains of the domains in `bypassDomains`, i.e. `example.com` also matches `subdomain.example.com`.

- `filterDomains` a list of domain names. If the list of filtered domain names is specified then the app will filter AAAA responses only for the specified domain names and their subdomain names. When the list is empty then the app will filter AAAA responses for all domain names.

## Post-processing

The app processes any response which matches all of the following criteria:

- the response has a `NoError` response code
- the query type is `AAAA`
- the response contains at least one `AAAA` record
- the request / response pair is not excluded by any configuration setting
- a lookup for an up `A` record for the same domain is successful and returns an address

Note that this means that `NXDOMAIN`, `SERVFAIL`, and `NODATA` responses are left unmodified.

The matching responses are replaced by one which includes all the `CNAME` records from the original response and a `SOA` record, but no `AAAA` record.