<div dir="rtl"><div dir="rtl"><div dir="ltr"><div dir="ltr">Hi Simon,</div><div dir="ltr"><br></div><div dir="ltr">Thanks a lot for a prompt response. </div><div dir="ltr">Unfortunately, I can't have both (CNAME and host) entries in upstream neither in dnsmasq.</div><div dir="ltr"><br></div><div dir="ltr">I'll add a few words about what I need to do,</div><div dir="ltr">As Openstack tenant, I run an application that composed of few VMs, the VMs communicate with other VMs using hostname (the one that defined CNAME) and VMs may recreate on the fly (means VM's IP changed).</div><div dir="ltr"><br></div><div dir="ltr">From one side, as OpenStack tenant I'm not allowed to add CNAME entries to dnsmasq and from the other side, since the VMs IPs may change dynamically it isn't practical to store the target IPs in the upstream server.</div><div dir="ltr"><br></div><div dir="ltr">So, having the CNAME in upstream server and VMs IPs in dnsmasq is the most suitable solution for me.</div><div dir="ltr"><br></div><div dir="ltr">Is this dnsmasq limitation is just due to lack of support in code/bug? </div><div dir="ltr">or it requires massive architectural changes of dnsmasq?</div><div dir="ltr">If it's the first one, I can try to fix this issue.</div><div dir="ltr"><br></div><div dir="ltr">Thanks</div><div dir="ltr">Yossi</div><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="rtl">בתאריך יום ב׳, 21 בינו׳ 2019 ב-0:29 מאת Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">It's a known limitation. The actual limitation is that a CNAME and it's<br>
target must both either originate from an upstream server, or both<br>
originate from the dnsmasq local configuration. Mixing sources (ie CNAME<br>
from upstream and target from dnsmasq, or vice-versa) is not allowed.<br>
<br>
The commonest situation, when a CNAME is defined in dnsmasq's<br>
configuration whose target comes from upstream, is noted a a problem in<br>
the man page, but that doesn't mention what you're doing, defining the<br>
CNAME upstream but the target in dnsmasq. It should probably do that.<br>
<br>
Workaround is to add the CNAME to the dnsmasq configuration.<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
<br>
<br>
<br>
On 20/01/2019 11:03, Yossi Boaron wrote:<br>
> <br>
> Hi All,<br>
> I have the following DNS topology (In my Openstack deployment):<br>
> VM --> DNSMASQ --> external DNS server <br>
> domain name= <a href="http://shiftstack.com" rel="noreferrer" target="_blank">shiftstack.com</a> <<a href="http://shiftstack.com/" rel="noreferrer" target="_blank">http://shiftstack.com/</a>>, and Dnsmasq 2.76<br>
> is used at this Openstack deployment.<br>
> <br>
> I run the following test:<br>
> 1. Define CNAME record at external DNS server<br>
> <br>
> <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. <br>
> IN CNAME ostest-master-2<br>
> <br>
> 2. while 'ostest-master-2' is defined in --addn-hosts at Dnsmasq:<br>
> the relevant entry:<br>
> 10.0.1.214 <a href="http://ostest-master-2.shiftstack.com" rel="noreferrer" target="_blank">ostest-master-2.shiftstack.com</a><br>
> <<a href="http://ostest-master-2.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-master-2.shiftstack.com/</a>>. ostest-master-2<br>
> <br>
> 3. next step, I tried to resolve '<a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.' from the VM.<br>
> I expected that dig <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. should be replied with the<br>
> ostest-master-2 IP (10.0.1.214).<br>
> <br>
> Actual behavior:<br>
> When I run dig (see 1) just for type A, Dnsmasq replied only with the<br>
> CNAME entry and doesn't return ostest-master-2 IP address.<br>
> <br>
> But when I run dig (see 2) for types AAAA and A (at this order), I can<br>
> see that Dnsmasq resolves ostest-master-2 IP address as expected.<br>
> <br>
> It seems to me like an issue of CNAME caching at Dnsmasq (2.76), <br>
> Is it a known issue?<br>
> <br>
> Thanks in advance<br>
> Yossi<br>
> <br>
> <br>
> [1] <br>
> $ dig +noedns <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. A<br>
> <br>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>><br>
> +noedns <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. A<br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13837<br>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br>
> <br>
> ;; QUESTION SECTION:<br>
> ;<a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. <br>
> IN A<br>
> <br>
> ;; ANSWER SECTION:<br>
> <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.<br>
> 3600 IN CNAME <a href="http://ostest-master-2.shiftstack.com" rel="noreferrer" target="_blank">ostest-master-2.shiftstack.com</a><br>
> <<a href="http://ostest-master-2.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-master-2.shiftstack.com/</a>>.<br>
> <br>
> ;; Query time: 2 msec<br>
> ;; SERVER: 10.0.0.2#53(10.0.0.2)<br>
> ;; WHEN: Sun Jan 20 09:52:48 UTC 2019<br>
> ;; MSG SIZE rcvd: 118<br>
> <br>
> $ <br>
> <br>
> [2] <br>
> $ dig +noedns <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.<br>
> AAAA <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. A<br>
> <br>
> ; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>><br>
> +noedns <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a><br>
> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.<br>
> AAAA <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. A<br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63573<br>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br>
> <br>
> ;; QUESTION SECTION:<br>
> ;<a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. <br>
> IN AAAA<br>
> <br>
> ;; ANSWER SECTION:<br>
> <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.<br>
> 3600 IN CNAME <a href="http://ostest-master-2.shiftstack.com" rel="noreferrer" target="_blank">ostest-master-2.shiftstack.com</a><br>
> <<a href="http://ostest-master-2.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-master-2.shiftstack.com/</a>>.<br>
> <br>
> ;; Query time: 3 msec<br>
> ;; SERVER: 10.0.0.2#53(10.0.0.2)<br>
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019<br>
> ;; MSG SIZE rcvd: 118<br>
> <br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15671<br>
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<br>
> <br>
> ;; QUESTION SECTION:<br>
> ;<a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>. <br>
> IN A<br>
> <br>
> ;; ANSWER SECTION:<br>
> <a href="http://ostest-etcd-5.shiftstack.com" rel="noreferrer" target="_blank">ostest-etcd-5.shiftstack.com</a> <<a href="http://ostest-etcd-5.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-etcd-5.shiftstack.com/</a>>.<br>
> 3600 IN CNAME <a href="http://ostest-master-2.shiftstack.com" rel="noreferrer" target="_blank">ostest-master-2.shiftstack.com</a><br>
> <<a href="http://ostest-master-2.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-master-2.shiftstack.com/</a>>.<br>
> <a href="http://ostest-master-2.shiftstack.com" rel="noreferrer" target="_blank">ostest-master-2.shiftstack.com</a> <<a href="http://ostest-master-2.shiftstack.com/" rel="noreferrer" target="_blank">http://ostest-master-2.shiftstack.com/</a>>.<br>
> 0 IN A 10.0.1.214<br>
> <br>
> ;; Query time: 0 msec<br>
> ;; SERVER: 10.0.0.2#53(10.0.0.2)<br>
> ;; WHEN: Sun Jan 20 09:53:59 UTC 2019<br>
> ;; MSG SIZE rcvd: 106<br>
> <br>
> $ <br>
> <br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
> <br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div>