[Dnsmasq-discuss] HOSTS not applied to cannonical names
B. Cook
bcook at poughkeepsieschools.org
Tue Jun 19 11:36:54 BST 2018
Morning sir,
This is the case.
If you look up "Google safe search" and dnsmasq you will see a static
defined forcesafesearch.google.com and then a cname for google.com..
Random Google search below..
https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch
I think what you are missing is telling dnsmasq that it is somewhat
authoritative for lb2.pi-hole.io
ie.. it doesn't know about your hosts entry when it's resolving the cname..
I'll send specific example when I get to work..
Three hours or so..
On Tue, Jun 19, 2018 at 5:27 AM Dominik DL6ER <dl6er at dl6er.de> wrote:
> Dear mailing list members,
>
> it appears like that dnsmasq does not check the cache for canonical names.
>
> Assume the following situation: I defined "127.0.0.1 lb2.pi-hole.io" in
> /etc/hosts
>
> If I query this domain directly, i.e.
>
> > $ dig lb2.pi-hole.net
> >
> > ;; ANSWER SECTION:
> > lb2.pi-hole.io. 2 IN A 127.0.0.1
> >
> then everything works as expected. However, if this domain happens to be
> in a reply to a CNAME query, e.g.
>
> > $ dig changes.pi-hole.net
> >
> > ;; ANSWER SECTION:
> > changes.pi-hole.net. 3099 IN CNAME lb2.pi-hole.io.
> > lb2.pi-hole.io. 85843 IN A 45.76.128.97
> >
> then dnsmasq ignores my HOSTS file entry and hands out the true record.
>
> I assume the issue here is that dnsmasq forwards "changes.pi-hole.net"
> to the upstream server and receives the full reply (incl. the correct A
> record of lb2.pi-hole.io) so there is no need to lookup this domain in
> the cache.
>
> Is this a bug or is it by design?
>
> Best regards,
> Dominik
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
--
Network Analyst
Poughkeepsie City School District
SMS & Mobile: (202) 810-5827
twitter.com/bcookatpcsd
If you can't explain it simply, you don't understand it well enough.
--
This message may contain confidential information and is intended only for
the individual(s) named. If you are not an intended recipient you are not
authorized to disseminate, distribute or copy this e-mail. Please notify
the sender immediately if you have received this e-mail by mistake and
delete this e-mail from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180619/89f2796f/attachment.html>
More information about the Dnsmasq-discuss
mailing list