[Dnsmasq-discuss] CNAME filtering

Geert Stappers stappers at stappers.nl
Mon Mar 22 19:57:44 UTC 2021


On Mon, Mar 22, 2021 at 06:07:27PM +0000, dnsmasqlist2021 at rscubed.com wrote:
> On Mon, 22 Mar 2021, Geert Stappers via Dnsmasq-discuss wrote:
> > On Mon, Mar 22, 2021 at 03:19:00AM +0000, dnsmasqlist2021 at rscubed.com wrote:
> > > 
> > > I am trying to do some CNAME filtering but it is not working for me...
> > > 
> > 
> > I wonder if option
> > 
> >       -h, --no-hosts
> >              Don't read the hostnames in /etc/hosts.
> > 
> > 
> > is maybe active.
> > 
> > 
> > And the
> > > cname=*.dnsdelegation.io,blackhole.inv
> > > cname=dnsdelegation.io,blackhole.inv
> > > local=/.dnsdelegation.io/
> > looks odd.  Experiment with removing the `local=` line.
> > 
> > 
> 
> If I use www.bestbuy.com as an example I see
> 
> 8683 192.168.1.3/34112 query[AAAA] www.bestbuy.com from 192.168.1.3
> 8683 192.168.1.3/34112 forwarded www.bestbuy.com to 192.168.1.7
> 8682 192.168.1.3/34112 reply www.bestbuy.com is <CNAME>
> 8682 192.168.1.3/34112 reply www.bestbuy.com.edgekey.net is <CNAME>
> 8682 192.168.1.3/34112 reply e5816.x.akamaiedge.net is 184.24.144.179
> 
> The cname wildcard was added in version 2.77 according to the changelog.
> If I add a wildcard cname I see no change in response; it still resolves:
> 
> cname=*.bestbuy.com,blackhole.inv
> 
> If I use the direct name www.bestbuy.com
> 
> cname=www.bestbuy.com,blackhole.inv
> 
> then it works and I get:
> $ host www.bestbuy.com
> www.bestbuy.com is an alias for blackhole.inv.
> blackhole.inv has address 127.0.0.1
> 
> But for this example what I want is to make this replied cname
> www.bestbuy.com.edgekey.net go to blackhole.inv and neither the desired
> wildcard version nor the full name works. www.bestbuy.com still resolves.
> 
> Tried these variations of what is in the replies to www.bestbuy.com
> 
> cname=*.edgekey.net,blackhole.inv
> 
> cname=www.bestbuy.com.edgekey.net,blackhole.inv
> 
> cname=e5816.x.akamaiedge.net,blackhole.inv
> 
> cname=*.akamaiedge.net,blackhole.inv
> 
> I also tried adding edgekey.net to /etc/hosts and doing
> cname=*.edgekey.net,edgekey.net
> But this also had no effect on www.bestbuy.com resolving.
> 
> I'm guessing because these are all in replies that are not looked at ???
> 

I'm guessing that previous response has been missed.


Groeten
Geert Stappers
-- 
Silence is hard to parse
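
Added example, not part of the original thread: a small Python audit script that rebuilds the CNAME chain for each query from dnsmasq log lines in the layout quoted above and reports queries whose chain passes through a watched domain. The function names, the watched suffix and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, same layout as the log lines quoted in the thread:
# <serial> <client>/<port> <action> <name> <is|to|from> <value>
SAMPLE_LOG = """\
101 192.168.1.3/40000 query[A] www.shop.example from 192.168.1.3
101 192.168.1.3/40000 forwarded www.shop.example to 192.168.1.7
101 192.168.1.3/40000 reply www.shop.example is <CNAME>
101 192.168.1.3/40000 reply www.shop.example.cdn.example is <CNAME>
101 192.168.1.3/40000 reply e1.x.edge.example is 203.0.113.10
102 192.168.1.3/40001 query[A] plain.example from 192.168.1.3
102 192.168.1.3/40001 reply plain.example is 198.51.100.5
"""

# search() is used, so a leading syslog timestamp/prefix is tolerated.
LINE = re.compile(
    r"(?P<serial>\d+) (?P<client>\S+/\d+) (?P<action>\S+)"
    r" (?P<name>\S+) (?:is|to|from) (?P<value>\S+)$"
)

def cname_chains(log_text):
    """Group log lines by (serial, client) and collect the names answered."""
    out = defaultdict(lambda: {"query": None, "chain": [], "answers": []})
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue  # not a per-query log line
        rec = out[(m["serial"], m["client"])]
        if m["action"].startswith("query["):
            rec["query"] = m["name"]
        elif m["action"] in ("reply", "cached"):
            if m["name"] not in rec["chain"]:
                rec["chain"].append(m["name"])
            if m["value"] != "<CNAME>":
                rec["answers"].append(m["value"])
    return dict(out)

def flag_chains(chains, watched_suffixes):
    """Return (queried name, first matching chain name) per flagged query."""
    hits = []
    for rec in chains.values():
        for name in rec["chain"]:
            if any(name == s or name.endswith("." + s) for s in watched_suffixes):
                hits.append((rec["query"], name))
                break
    return hits

if __name__ == "__main__":
    print(flag_chains(cname_chains(SAMPLE_LOG), ["cdn.example"]))
```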


