[Dnsmasq-discuss] HOSTS not applied to cannonical names

B. Cook bcook at poughkeepsieschools.org
Tue Jun 19 11:36:54 BST 2018 

Morning sir,

This is the case.

If you look up "Google safe search" and dnsmasq you will see a static
defined forcesafesearch.google.com and then a cname for google.com..

Random Google search below..

https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch

I think what you are missing is telling dnsmasq that it is somewhat
authoritative for lb2.pi-hole.io

ie.. it doesn't know about your hosts entry when it's resolving the cname..

I'll send specific example when I get to work..

Three hours or so..

On Tue, Jun 19, 2018 at 5:27 AM Dominik DL6ER <dl6er at dl6er.de> wrote:

> Dear mailing list members,
>
> it appears like that dnsmasq does not check the cache for canonical names.
>
> Assume the following situation: I defined "127.0.0.1 lb2.pi-hole.io" in
> /etc/hosts
>
> If I query this domain directly, i.e.
>
> > $ dig lb2.pi-hole.net
> >
> > ;; ANSWER SECTION:
> > lb2.pi-hole.io.         2       IN      A       127.0.0.1
> >
> then everything works as expected. However, if this domain happens to be
> in a reply to a CNAME query, e.g.
>
> > $ dig changes.pi-hole.net
> >
> > ;; ANSWER SECTION:
> > changes.pi-hole.net.    3099    IN      CNAME   lb2.pi-hole.io.
> > lb2.pi-hole.io.         85843   IN      A       45.76.128.97
> >
> then dnsmasq ignores my HOSTS file entry and hands out the true record.
>
> I assume the issue here is that dnsmasq forwards "changes.pi-hole.net"
> to the upstream server and receives the full reply (incl. the correct A
> record of lb2.pi-hole.io) so there is no need to lookup this domain in
> the cache.
>
> Is this a bug or is it by design?
>
> Best regards,
> Dominik
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-- 
Network Analyst
Poughkeepsie City School District
SMS & Mobile: (202) 810-5827
twitter.com/bcookatpcsd

If you can't explain it simply, you don't understand it well enough.

-- 

This message may contain confidential information and is intended only for 
the individual(s) named. If you are not an intended recipient you are not 
authorized to disseminate, distribute or copy this e-mail. Please notify 
the sender immediately if you have received this e-mail by mistake and 
delete this e-mail from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180619/89f2796f/attachment.html>

More information about the Dnsmasq-discuss mailing list