From 6c6d9580d9aeec8fd0faa0848dcb09a585628287 Mon Sep 17 00:00:00 2001
From: Donavan Fritz <dfritz@netflix.com>
Date: Sat, 10 Feb 2024 23:02:52 -0800
Subject: [PATCH] prevent ipv4-mapped IPv6 address responses

---
 synthetic.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/synthetic.go b/synthetic.go
index 3d25b0a..5f0abe4 100644
--- a/synthetic.go
+++ b/synthetic.go
@@ -96,7 +96,7 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 		}
 
 		// handle AAAA requests with IPv6 address
-		if ip.To16() != nil && state.QType() == dns.TypeAAAA {
+		if ip.To4() == nil && state.QType() == dns.TypeAAAA {
 			log.Debug("Responding to AAAA request for ", state.QName())
 			m := new(dns.Msg)
 			m.SetReply(r)
@@ -118,7 +118,7 @@ func (s synthetic) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Ms
 		}
 
 		// handle A requests with IPv6 address (respond with empty answer and NOERROR)
-		if ip.To16() != nil && state.QType() == dns.TypeA {
+		if ip.To4() == nil && state.QType() == dns.TypeA {
 			log.Debug("Responding to A request for ", state.QName(), " with empty answer")
 			m := new(dns.Msg)
 			m.SetReply(r)