<div><div dir="auto">Morning sir,</div></div><div dir="auto"><br></div><div dir="auto">This is the case.</div><div dir="auto"><br></div><div dir="auto">If you look up "Google safe search" and dnsmasq you will see a static defined <a href="http://forcesafesearch.google.com">forcesafesearch.google.com</a> and then a cname for <a href="http://google.com">google.com</a>..</div><div dir="auto"><br></div><div dir="auto">Random Google search below..</div><div dir="auto"><br></div><div dir="auto"><div><a href="https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch">https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch</a></div></div><div dir="auto"><br></div><div dir="auto">I think what you are missing is telling dnsmasq that it is somewhat authoritative for <a href="http://lb2.pi-hole.io">lb2.pi-hole.io</a></div><div dir="auto"><br></div><div dir="auto">ie.. it doesn't know about your hosts entry when it's resolving the cname..</div><div dir="auto"><br></div><div dir="auto">I'll send specific example when I get to work..</div><div dir="auto"><br></div><div dir="auto">Three hours or so..</div><div><br><div class="gmail_quote"><div>On Tue, Jun 19, 2018 at 5:27 AM Dominik DL6ER <<a href="mailto:dl6er@dl6er.de">dl6er@dl6er.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear mailing list members,<br>
<br>
it appears like that dnsmasq does not check the cache for canonical names.<br>
<br>
Assume the following situation: I defined "127.0.0.1 <a href="http://lb2.pi-hole.io" rel="noreferrer" target="_blank">lb2.pi-hole.io</a>" in<br>
/etc/hosts<br>
<br>
If I query this domain directly, i.e.<br>
<br>
> $ dig <a href="http://lb2.pi-hole.net" rel="noreferrer" target="_blank">lb2.pi-hole.net</a><br>
><br>
> ;; ANSWER SECTION:<br>
> <a href="http://lb2.pi-hole.io" rel="noreferrer" target="_blank">lb2.pi-hole.io</a>. 2 IN A 127.0.0.1<br>
><br>
then everything works as expected. However, if this domain happens to be<br>
in a reply to a CNAME query, e.g.<br>
<br>
> $ dig <a href="http://changes.pi-hole.net" rel="noreferrer" target="_blank">changes.pi-hole.net</a><br>
><br>
> ;; ANSWER SECTION:<br>
> <a href="http://changes.pi-hole.net" rel="noreferrer" target="_blank">changes.pi-hole.net</a>. 3099 IN CNAME <a href="http://lb2.pi-hole.io" rel="noreferrer" target="_blank">lb2.pi-hole.io</a>.<br>
> <a href="http://lb2.pi-hole.io" rel="noreferrer" target="_blank">lb2.pi-hole.io</a>. 85843 IN A 45.76.128.97<br>
><br>
then dnsmasq ignores my HOSTS file entry and hands out the true record.<br>
<br>
I assume the issue here is that dnsmasq forwards "<a href="http://changes.pi-hole.net" rel="noreferrer" target="_blank">changes.pi-hole.net</a>"<br>
to the upstream server and receives the full reply (incl. the correct A<br>
record of <a href="http://lb2.pi-hole.io" rel="noreferrer" target="_blank">lb2.pi-hole.io</a>) so there is no need to lookup this domain in<br>
the cache.<br>
<br>
Is this a bug or is it by design?<br>
<br>
Best regards,<br>
Dominik<br>
<br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Network Analyst<br>Poughkeepsie City School District<br>SMS & Mobile: (202) 810-5827<br><a href="http://twitter.com/bcookatpcsd">twitter.com/bcookatpcsd</a><br><br>If you can't explain it simply, you don't understand it well enough.</div>
<br>
<br style="color:rgb(136,136,136);font-family:arial,sans-serif;background-color:rgb(255,255,255)"><span style="color:rgb(69,69,69);background-color:rgb(255,255,255)"><font size="1">This message may contain confidential information and is intended only for the individual(s) named. If you are not an intended recipient you are not authorized to disseminate, distribute or copy this e-mail. Please notify the sender immediately if you have received this e-mail by mistake and delete this e-mail from your system.</font></span>