I'm currently using one ISP for IPv4 access and another for IPv6. That means DNS results can be different, depending on which network (IPv4 or IPv6) I'm using for DNS queries. Example:
Since sometimes downloading from CDN servers deployed on a different ISP's network can be really slow, I'm wondering if OpenWrt can be configured to use one DNS server to get IPv4 addresses, and another to get IPv6 addresses. It would be something like this:
edit: response below based on false assumption clients would use one upstream connection only.
indeed... you can't limit the (DNS) IPs delivered to the client ( conventionally aka with dnsmasq although I'm not 100% on that )... the dual DNS servers are simply per-connection record keeping...
you can limit the hosts a client will connect to... either by issuing them one stack only... or discarding the non-preferred stack at the router either in the firewall or the routing rules.
edit...: now that I think about it... routing should take care of most of that normally if, as the OP says, each upstream connection is one stack only... and adequate PBR / gateways etc. are in place per client.
I know you can ignore some reply types. For example:
address=/netflix.com/::
server=/netflix.com/#
will return only IPv4 addresses. I don't know however if it can be generalized.
Another idea would be to somehow mark the queries based on their type, but I am not aware of any such deep packet inspection being available.
Another idea that might work well is to use a different DNS entirely. The Cloudflare system for example. Maybe it returns less customized and more generally applicable results?
Unfortunately in China, Cloudflare could only be worse...
Ping statistics for 2606:4700:4700::1111:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 260ms, Maximum = 262ms, Average = 261ms
Ping statistics for 1.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 280ms, Maximum = 281ms, Average = 280ms
Thanks for the advice. I will search if iptables or something like that can be used to "match" all AAAA queries sent to dnsmasq and then "hijack" them to some other DNS server.
Thanks again for your suggestion. After some searching, it turns out that iptables can do the trick.
I set up 2 new DNS forwarders on 127.0.0.1:5053 and 5054, the first one using IPv4 and the second one using IPv6.
Then I set dnsmasq to forward all (non-local) DNS requests to 127.0.0.1:5053, and used the following command to "hijack" all AAAA queries to 127.0.0.1:5054:
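The same split (AAAA queries to the IPv6-side forwarder on 5054, everything else to the IPv4-side forwarder on 5053) can also be done in a small userspace forwarder instead of an iptables rule. This is an added example, not the poster's command or part of OpenWrt/dnsmasq; the two upstream ports come from the post, while the listening port 5355, the `serve()` loop and the `build_query()` helper for constructing sample queries are assumptions.

```python
import socket
import struct

# Forwarders from the post: 5053 resolves over the IPv4 ISP, 5054 over the IPv6 ISP.
UPSTREAM_DEFAULT = ("127.0.0.1", 5053)
UPSTREAM_AAAA = ("127.0.0.1", 5054)
QTYPE_AAAA = 28

def parse_qtype(msg):
    """Return the QTYPE of the first question in a DNS message, or None if malformed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        return None  # too short for a header, or no question section
    pos = 12
    while pos < len(msg):  # walk QNAME labels up to the terminating zero length
        length = msg[pos]
        if length & 0xC0:
            return None  # compression pointers are not valid in a question name
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        return None  # QTYPE/QCLASS truncated
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return qtype

def select_upstream(msg):
    """AAAA queries go to the IPv6-side forwarder; everything else (including malformed) to the IPv4 side."""
    return UPSTREAM_AAAA if parse_qtype(msg) == QTYPE_AAAA else UPSTREAM_DEFAULT

def build_query(name, qtype, txid=0x1234):
    """Constructed sample query (standard query, RD set, one question) used for testing."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def serve(listen=("127.0.0.1", 5355)):
    """Relay each query to the chosen upstream and return the answer to the client (assumed listener)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        msg, client = sock.recvfrom(4096)
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
            up.settimeout(3)
            up.sendto(msg, select_upstream(msg))
            try:
                sock.sendto(up.recv(4096), client)
            except socket.timeout:
                pass  # upstream did not answer; the client will retry
```

Point dnsmasq's `server=` at the listener instead of at 5053 directly and it sees one upstream while the qtype decides which ISP actually resolves the name.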