[Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.

Simon Kelley simon at thekelleys.org.uk
Sat Jun 2 17:44:01 BST 2018


On 29/05/18 23:11, Stephen Howell wrote:
> Hi,
> 
> I'm an occasional sysadmin and I was looking to setup a round-robin
> wildcard CNAME for a test project at home. I checked the dnsmasq docs
> and saw:
> 
> --cname as long as the record name is in the authoritative domain. If
> the target of the CNAME is unqualified, then it is qualified with the
> authoritative zone name. CNAME used in this way (only) may be wildcards,
> as in
> 
> cname=*.example.com,default.example.com
> 
> I figured out that the A records would need to be added as /etc/hosts
> entries so I did so then added a couple of lines in my config to be
> authoritative for this one zone and create the CNAME:
> 
> 
> auth-zone=local,127.0.0.0/24,192.168.0.0/16,br-lan
> cname=*.k8s.local,app.k8s.local
> 
> This *should* have created a DNS record that responds to queries for
> "app2.k8s.local", "app3.k8s.local" etc. That does not happen, any
> request for sub-domains below k8s.local returns empty data.
> 
> Instead what I have is a record that responds to the *literal form* of
> "*.k8s.local"!!
> 
> $ dig *.k8s.local @192.168.0.2
> 
> ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> *.k8s.local @192.168.1.1
> ;; global options: +cmd
> ;; Got answer:
> ;; WARNING: .local is reserved for Multicast DNS
> ;; You are currently testing what happens when an mDNS query is leaked to DNS
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41245
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;*.k8s.local.			IN	A
> 
> ;; ANSWER SECTION:
> *.k8s.local.		0	IN	CNAME	app.k8s.local.
> app.k8s.local.		0	IN	A	192.168.1.11
> app.k8s.local.		0	IN	A	192.168.1.12
> app.k8s.local.		0	IN	A	192.168.1.13
> 
> ;; Query time: 2 msec
> ;; SERVER: 192.168.0.2#53(192.168.0.2)
> ;; WHEN: Tue May 29 22:49:01 BST 2018
> ;; MSG SIZE  rcvd: 115
> 
> That is not a wildcard entry! Any idea what happened? DNSmasq is
> 2.80test2 (current version from the OpenWRT repo).


The query was for *.k8s.local, and that's what you got an answer for.
That's quite correct. Try

dig app.k8s.local @192.168.0.2

Note that running in authoritative mode is a little more complex than
you've configured: you'll need an auth-server config line as well, for
instance, and probably a glue record elsewhere in the DNS.


Cheers,

Simon.

> 
> I realise that the address=/domain.com/1.1.1.1 form could be used, but
> that doesn't help
> create a round-robin entry. How should a wildcard entry for multiple
> backing hosts be created?
> 
> Thanks
> Stephen
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
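Editor's note: the following dnsmasq configuration is an added example, not config posted by either participant in the thread, that puts together the pieces Simon's reply mentions: an auth-server line enabling authoritative answers on the LAN interface, the auth-zone, the round-robin A records as host-record entries (equivalent to the /etc/hosts entries Stephen used), and the wildcard CNAME. The zone name, interface name (br-lan) and addresses are taken from Stephen's mail; the nameserver name ns.k8s.local and the choice of auth-zone=k8s.local instead of auth-zone=local are assumptions for the example. Whether a glue record is needed depends on where the parent zone is hosted and is outside what this file can show. Note the warning dig printed in the original output: .local is reserved for multicast DNS, so a different zone name would avoid that collision in practice.

```ini
# Added example dnsmasq.conf fragment (not from the thread).
# Assumptions: dnsmasq listens on br-lan at 192.168.0.2 and should answer
# authoritatively for k8s.local; ns.k8s.local is a hypothetical name for
# the server itself.

# Enable authoritative mode for queries arriving on br-lan. The domain
# given first is the name of this server, as it appears in the zone's
# SOA and NS records.
auth-server=ns.k8s.local,br-lan

# The zone dnsmasq is authoritative for. Records are only exported if
# their addresses fall inside the listed subnet(s).
auth-zone=k8s.local,192.168.0.0/16

# Address record for the nameserver named in auth-server.
host-record=ns.k8s.local,192.168.0.2

# Round-robin target: three A records for the same name. These replace
# the /etc/hosts entries from the original post; dnsmasq reads either.
host-record=app.k8s.local,192.168.1.11
host-record=app.k8s.local,192.168.1.12
host-record=app.k8s.local,192.168.1.13

# Wildcard CNAME. Only permitted inside an authoritative zone; any name
# under k8s.local without a record of its own is answered as a CNAME to
# app.k8s.local, followed by the three A records above.
cname=*.k8s.local,app.k8s.local
```

To check it, query a name that has no record of its own, for example `dig app2.k8s.local @192.168.0.2`: the answer should carry the `aa` flag and consist of a CNAME to app.k8s.local followed by the three A records, the same shape the original dig output shows for the literal `*.k8s.local` name. Querying from an interface or address not listed in auth-server will not return an authoritative answer, which is the case Simon's reply is pointing at.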
