handler, cmd: add disable-ipv4 option

README.md

@@ -95,6 +95,8 @@ Usage of ./dnsproxy:
         Disable secure TLS certificate validation.
   --ipv6-disabled
         If specified, all AAAA requests will be replied with NoError RCode and empty answer.
+  --ipv4-disabled
+        If specified, all A requests will be replied with NoError RCode and empty answer.
   --listen=address/-l address
         Listening addresses.
   --max-go-routines=uint

internal/cmd/args.go

@@ -57,6 +57,7 @@ const (
 	verboseIdx
 	insecureIdx
 	ipv6DisabledIdx
+	ipv4DisabledIdx
 	http3Idx
 	cacheOptimisticIdx
 	cacheIdx
@@ -340,6 +341,13 @@ var commandLineOptions = []*commandLineOption{
 		short:     "",
 		valueType: "",
 	},
+	ipv4DisabledIdx: {
+		description: "If specified, all A requests will be replied with NoError RCode and " +
+			"empty answer.",
+		long:      "ipv4-disabled",
+		short:     "",
+		valueType: "",
+	},
 	http3Idx: {
 		description: "Enable HTTP/3 support.",
 		long:        "http3",
@@ -440,6 +448,7 @@ func parseCmdLineOptions(conf *configuration) (err error) {
 		verboseIdx:                &conf.Verbose,
 		insecureIdx:               &conf.Insecure,
 		ipv6DisabledIdx:           &conf.IPv6Disabled,
+		ipv4DisabledIdx:           &conf.IPv4Disabled,
 		http3Idx:                  &conf.HTTP3,
 		cacheOptimisticIdx:        &conf.CacheOptimistic,
 		cacheIdx:                  &conf.Cache,

internal/cmd/config.go

@@ -162,6 +162,9 @@ type configuration struct {
 	// IPv6Disabled makes the server to respond with NODATA to all AAAA queries.
 	IPv6Disabled bool `yaml:"ipv6-disabled"`
 
+	// IPv4Disabled makes the server to respond with NODATA to all A queries.
+	IPv4Disabled bool `yaml:"ipv4-disabled"`
+
 	// HTTP3 controls whether HTTP/3 is enabled for this instance of dnsproxy.
 	// It enables HTTP/3 support for both the DoH upstreams and the DoH server.
 	HTTP3 bool `yaml:"http3"`

internal/cmd/proxy.go

@@ -49,6 +49,7 @@ func createProxyConfig(
 		// TODO(e.burkov):  Use the configured message constructor.
 		MessageConstructor: dnsmsg.DefaultMessageConstructor{},
 		HaltIPv6:           conf.IPv6Disabled,
+		HaltIPv4:           conf.IPv4Disabled,
 		HostsFiles:         hosts,
 	})
 

internal/handler/default.go

@@ -23,6 +23,10 @@ type DefaultConfig struct {
 	// HaltIPv6 halts the processing of AAAA requests and makes the handler
 	// reply with NODATA to them, if true.
 	HaltIPv6 bool
+
+	// HaltIPv4 halts the processing of A requests and makes the handler
+	// reply with NODATA to them.
+	HaltIPv4 bool
 }
 
 // Default implements the default configurable [proxy.RequestHandler].
@@ -31,6 +35,7 @@ type Default struct {
 	hosts        hostsfile.Storage
 	logger       *slog.Logger
 	isIPv6Halted bool
+	isIPv4Halted bool
 }
 
 // NewDefault creates a new [Default] handler.
@@ -45,6 +50,7 @@ func NewDefault(conf *DefaultConfig) (d *Default) {
 	return &Default{
 		logger:       conf.Logger,
 		isIPv6Halted: conf.HaltIPv6,
+		isIPv4Halted: conf.HaltIPv4,
 		messages:     mc,
 		hosts:        conf.HostsFiles,
 	}
@@ -64,6 +70,10 @@ func (h *Default) HandleRequest(p *proxy.Proxy, proxyCtx *proxy.DNSContext) (err
 		return nil
 	}
 
+	if proxyCtx.Res = h.haltA(ctx, proxyCtx.Req); proxyCtx.Res != nil {
+		return nil
+	}
+
 	if proxyCtx.Res = h.resolveFromHosts(ctx, proxyCtx.Req); proxyCtx.Res != nil {
 		return nil
 	}

internal/handler/ipv4halt.go

@@ -0,0 +1,23 @@
+package handler
+
+import (
+	"context"
+
+	"github.com/miekg/dns"
+)
+
+// haltA halts the processing of A requests if IPv4 is disabled.  req must
+// not be nil.
+func (h *Default) haltA(ctx context.Context, req *dns.Msg) (resp *dns.Msg) {
+	if h.isIPv4Halted && req.Question[0].Qtype == dns.TypeA {
+		h.logger.DebugContext(
+			ctx,
+			"ipv4 is disabled; replying with empty response",
+			"req", req.Question[0].Name,
+		)
+
+		return h.messages.NewMsgNODATA(req)
+	}
+
+	return nil
+}