[Dnsmasq-discuss] cname target limitations

igpg igpg at vmail.me
Mon Oct 3 11:27:58 BST 2016


Hi Guys,
anyone on this one?
thanks.

On 09/26/2016 04:33 PM, igpg wrote:
> Hi,
> I'm trying to apply a search restriction for youtube, google and bing 
> searches and I added the following to my dnsmasq.conf :
>
> -------------------------------------------------
> cname=m.youtube.com,restrict.youtube.com
> cname=www.youtube.com,restrict.youtube.com
> cname=www.youtube-nocookie.com,restrict.youtube.com
> cname=youtube.googleapis.com,restrict.youtube.com
> cname=youtubei.googleapis.com,restrict.youtube.com
> cname=www.google.com,forcesafesearch.google.com
> cname=google.com,forcesafesearch.google.com
> cname=www.bing.com,strict.bing.com
> cname=www.bing.it,strict.bing.com
> cname=bing.com,strict.bing.com
> -------------------------------------------------
>
> Although I saw the dns queries hitting dnsmasq the replies were 
> completely ignoring the real restricted.domain.com IP and replying 
> instead with the real IP of the domain itself which brought me to :
>
> ------------------------------------------------------------------------------- 
>
>        --cname=<cname>,<target>[,<TTL>]
>               Return a CNAME record which indicates that <cname> is 
> really <target>. There are significant limitations on the target; it  
> must be  a  DNS  name which is known to dnsmasq from /etc/hosts (or 
> additional hosts files), from DHCP, from --interface-name or from 
> another --cname.  If the target does not satisfy this criteria, the 
> whole cname is ignored. The cname must be unique, but it  is 
> permissable to have more than one cname pointing to the same target.
>               If  the time-to-live is given, it overrides the default, 
> which is zero or the value of -local-ttl. The value is a positive 
> integer and gives the time-to-live in seconds.
> --------------------------------------------------------------------------------- 
>
>
> How I'm supposed to use cname if it doesn't resolve the target CNAME?
> expand-hosts and /etc/hosts it's not an option in case the server uses 
> a dynamic IP.
>
> Please this is quite important to heave,
> Regards,
> Tom.
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss





More information about the Dnsmasq-discuss mailing list