[Dnsmasq-discuss] Re: CNAME lookup going to wrong server

Marcus Better marcus at better.se
Wed Mar 1 17:47:40 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Following up on this old thread:

Simon Kelley wrote:
> Marcus Better wrote:

>> I have configured dnsmasq with a "server" directive to forward queries
>> for better.se to an internal name server. Now if I have
>> 
>>   www.better.se   CNAME   www.example.org
>> 
>> and a client queries dnsmasq for www.better.se, then it looks to me like
>> dnsmasq first asks the internal name server for www.better.se, and then
>> asks it again for www.example.org. a
> 
> That's not quite what happens: an A query for www.better.se will go to
> your internal nameserver, which will return the information that
> www.better.se is a CNAME for www.example.org, and no information about
> www.example.org. Since this is a perfectly valid answer (It's fine to
> have a CNAME point to a domain which exists, but has no information for
> a partcicular RR-type) then no second query will every be made.

That may be so, but the resolver or "host" utility will certainly follow the
CNAME. And here I am getting strange results:

marcus at myhost:~$ host www.better.se
Host www.better.se not found: 5(REFUSED)

The machine myhost has its resolver pointing to my dnsmasq server
192.168.100.6. The internal nameserver for better.se is 192.168.1.2, and on
this machine I see:

01-Mar-2006 18:38:11.898 security: info: client 192.168.100.6#2051: query
(cache) 'blue.abc.se/A/IN' denied
01-Mar-2006 18:38:11.967 security: info: client 192.168.100.6#2051: query
(cache) 'blue.abc.se/A/IN' denied

dnsmasq.conf contains the following:

server=/better.se/192.168.1.2
server=/dactylis.com/192.168.1.2
server=/100.168.192.in-addr.arpa/192.168.1.2
server=/1.168.192.in-addr.arpa/192.168.1.2
server=aa.bb.cc.dd
server=ee.ff.gg.hh

So I do not understand why dnsmasq on 192.168.100.6 is apparently asking
192.168.1.2 to resolve blue.abc.se, when that query should go to one of the
default name servers.

Marcus

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEBd5AXjXn6TzcAQkRAjtAAJ0RMAL3kADDrpBIlUZs5bJtx7FFgACg6qbL
ZzQ2wySUUtt85qwHYRDege4=
=6KaZ
-----END PGP SIGNATURE-----




More information about the Dnsmasq-discuss mailing list