[Dnsmasq-discuss] CNAME with no IP treated as SUCCESS

Shantanu Gadgil shantanugadgil at yahoo.com
Sat Sep 10 21:20:57 BST 2016


Hi,

I am using Dnsmasq version 2.76.
I am facing a problem that Dnsmasq returns "success" when it should not.
Explanation below:

My organization has a Windows' AD server running as a DHCP/DNS server 
at: 192.168.30.254
* The Windows AD is not under my control.

I have a dnsmasq running at 192.168.15.254
For my Dnsmasq (192.168.15.254) I have set the Windows' AD 
(192.168.30.254) as one of my upstream servers,
along with the usual suspects like 8.8.8.8, 8.8.4.4, etc.
(I need to keep the AD server as one of the upstream as I need some 
other local names)

--- /etc/dnsmasq.conf ---
expand-hosts
domain = mydomain.net
all-servers
#strict-order
domain-needed
log-facility = /var/log/dnsmasq.log
clear-on-reload
no-negcache
#log-queries
------

--- /etc/resolv.conf ---
nameserver 127.0.0.1
nameserver 192.168.30.254
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 64.6.64.6
nameserver 64.6.65.6
------


As part of a workflow (and for various other reasons), I create a DNS 
entry in AWS's Route53 DNS as follows:
realhost.mydomain.net (A)
somehost.mydomain.net (CNAME to realhost)

The problem begins when, during my workflow, I try to ping 
"somehost.mydomain.net"

==================================================================
1. nslookup using the internal Windows AD (which only returns the CNAME, 
no IP)
# nslookup somehost.mydomain.net
Server:         192.168.30.254
Address:        192.168.30.254#53

Non-authoritative answer:
somehost.mydomain.net      canonical name = realhost.mydomain.net.
==================================================================

==================================================================
2. nslookup using Google Nameserver (which only returns the CNAME and IP)
# nslookup somehost.mydomain.net 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
somehost.mydomain.net      canonical name = realhost.mydomain.net.
Name:   realhost.mydomain.net
Address: 192.168.58.216

==================================================================
3. nslookup using internal Dnsmasq (which only returns the CNAME, no IP)
*** This is because it gets this information from the Windows' AD, even 
though "all-servers" is set.

# nslookup somehost.mydomain.net 192.168.15.254
Server:         192.168.15.254
Address:        192.168.15.254#53

Non-authoritative answer:
somehost.mydomain.net      canonical name = realhost.mydomain.net.
==================================================================

My question is this:
Can Dnsmasq be configured to treat the "CNAME but no IP" as a failure 
and thus ignore it, and fetch
the information from the next/another name server ?!?

*** I know I can use "server=/mydomain.net/8.8.8.8" in my Dnsmasq, but I 
still would need to
get the Windows' AD to hand out my Dnsmasq as a nameserver (which is not 
possible).

Regards,
Shantanu Gadgil
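
The condition described in this message (a NOERROR reply that carries a CNAME but no address record) can be checked for each upstream's raw reply. The following is an added example, not part of the original message and not dnsmasq code; `classify`, `build_reply` and the sample records are constructed for illustration from the names and address in the nslookup output above, and the parser assumes one question and answers in chain order.

```python
import struct

TYPE_A, TYPE_CNAME, TYPE_AAAA = 1, 5, 28

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while msg[off]:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # compression pointer ends the name
            ptr = ((n & 0x3F) << 8) | msg[off + 1]
            labels.append(read_name(msg, ptr, depth + 1)[0])
            return ".".join(filter(None, labels)), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels), off + 1

def classify(msg):
    """Classify a reply to an A query: 'address', 'cname-only', 'empty', 'rcode-N'."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0xF:                               # SERVFAIL, NXDOMAIN, REFUSED, ...
        return "rcode-%d" % (flags & 0xF)
    target, off = read_name(msg, 12)              # assumes exactly one question
    off, saw_cname = off + 4, False               # skip QTYPE and QCLASS
    for _ in range(an):                           # assumes records in chain order
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if owner == target and rtype == TYPE_CNAME:
            target, saw_cname = read_name(msg, off)[0], True   # follow the alias
        elif owner == target and rtype in (TYPE_A, TYPE_AAAA):
            return "address"
        off += rdlen
    return "cname-only" if saw_cname else "empty"

def _name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def build_reply(qname, answers):
    """Constructed sample input: NOERROR reply; answers = [(owner, rtype, rdata)]."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += _name(qname) + struct.pack("!HH", TYPE_A, 1)
    for owner, rtype, rdata in answers:
        msg += b"\xc0\x0c" if owner == qname else _name(owner)
        msg += struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata
    return msg

# Constructed records mirroring the nslookup output in the message
CNAME_RR = ("somehost.mydomain.net", TYPE_CNAME, _name("realhost.mydomain.net"))
A_RR = ("realhost.mydomain.net", TYPE_A, bytes([192, 168, 58, 216]))
```

A reply classified as `cname-only` has RCODE 0, which is why a forwarder that accepts the first non-error answer passes it on unchanged.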