[Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.
Stephen Howell
stephen at allthatwemight.be
Mon Jun 4 15:03:33 BST 2018
Hi,
I had some issues with the DHCP entries not being included when I made the
server authoritative for the .local domain, as I was populating .local from
DHCP leases in dnsmasq also.
Is this configuration of authoritative + DHCP entries supposed to work?
thanks
Stephen
On Sat, 2 Jun 2018 at 18:09 Simon Kelley <simon at thekelleys.org.uk> wrote:
> On 29/05/18 23:11, Stephen Howell wrote:
> > Hi,
> >
> > I'm an occasional sysadmin and I was looking to setup a round-robin
> > wildcard CNAME for a test project at home. I checked the dnsmasq docs
> > and saw:
> >
> > *--cname* as long as the record name is in the authoritative domain. If
> > the target of the CNAME is unqualified, then it is qualified with the
> > authoritative zone name. CNAME used in this way (only) may be wildcards,
> > as in
> >
> > *cname=*.example.com <http://example.com>,default.example.com
> > <http://default.example.com>*
> >
> > *
> > *
> >
> > I figured out that the A records would need to be added as /etc/hosts
> > entries so I did so then added a couple of lines in my config to be
> > authoritative for this one zone and create the CNAME:
> >
> >
> > auth-zone=local,127.0.0.0/24,192.168.0.0/16,br-lan
> > <http://127.0.0.0/24,192.168.0.0/16,br-lan>
> cname=*.k8s.local,app.k8s.local
> >
> > This *should* have created a DNS record that responds to queries for
> > "app2.k8s.local", "app3.k8s.local" etc. That does not happen, any
> > request for sub-domains below k8s.local returns empty data.
> >
> > Instead what I have is a record that responds to the *literal form* of
> > "*.k8s.local"!!
> >
> > $ dig *.k8s.local @192.168.0.2 <http://192.168.0.2>
> >
> > ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> *.k8s.local @192.168.1.1 <
> http://192.168.1.1>
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; WARNING: .local is reserved for Multicast DNS
> > ;; You are currently testing what happens when an mDNS query is leaked
> to DNS
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41245
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;*.k8s.local. IN A
> >
> > ;; ANSWER SECTION:
> > *.k8s.local. 0 IN CNAME app.k8s.local.
> > app.k8s.local. 0 IN A 192.168.1.11
> > app.k8s.local. 0 IN A 192.168.1.12
> > app.k8s.local. 0 IN A 192.168.1.13
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 192.168.0.2#53(192.168.0.2)
> > ;; WHEN: Tue May 29 22:49:01 BST 2018
> > ;; MSG SIZE rcvd: 115
> >
> > That is not a wildcard entry! Any idea what happened? DNSmasq is
> > 2.80test2 (current version from the OpenWRT repo).
>
>
> The query was for *.k8s.local, and that's what you got an answer for.
> That's quite correct. Try
>
> dig app.k8s.local @192.168.0.2
>
> Note that running in authoritative mode is a little more complex than
> you've configured: you'll need and auth-server config line as well, for
> instance, and probably a glue record elsewhere in the DNS.
>
>
> Cheers,
>
> Simon.
>
> >
> > I realise that the address=/domain.com/1.1.1.1
> > <http://domain.com/1.1.1.1> form could be used, but that doesn't help
> > create a round-robin entry. How should a wildcard entry for multiple
> > backing hosts be created?
> >
> > Thanks
> > Stephen
> >
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20180604/d7abe5e7/attachment.html>
More information about the Dnsmasq-discuss
mailing list