[Dnsmasq-discuss] dnsmasq cname limitations

tobias+dnsmasq at trds.de tobias+dnsmasq at trds.de
Sat Nov 6 23:37:56 UTC 2021


Hi, don't know anything about dnsmasq internals, but for DNSSEC it seems
extra queries are possible, and the response depends on which flags are
set (ad/do). Would certainly be possible for CNAMEs as well, guess it's
just not implemented.


On 2021-11-06 at 23:22, Dominick C. Pastore wrote:
> As far as I know, there is no technical or security reason why a Dnsmasq-like server would *need* this limitation, but Dnsmasq has it due to design limitations.
> 
> Dnsmasq either responds to a request entirely locally (using /etc/hosts, records from the config file, and records from DHCP) or relies on the upstream server to provide the complete response. Since replies with CNAMEs must include the target record as well, a local CNAME to an upstream A/AAAA/etc. would have to combine a local and upstream response. That's not possible with Dnsmasq's design.
> 
> Nick
> 
> On Sat, Nov 6, 2021, at 4:47 PM, Salatiel Filho wrote:
>> Thanks, but I would like to know the reason why there is that limitation.
>> Maybe Simon could explain the reason behind it.
>>
>>
>> Atenciosamente/Kind regards,
>> Salatiel
>>
>>
>>
>> On Sat, Nov 6, 2021 at 4:58 PM Horn Bucking <buckhorn at weibsvolk.org> wrote:
>>>
>>> Hi, why does dnsmasq cname require an entry on /etc/hosts?
>>>
>>> From the dnsmasq man page:
>>>
>>> --cname=<cname>,[<cname>,]<target>[,<TTL>]
>>> Return a CNAME record which indicates that <cname> is really <target>. There is a significant limitation on the target; it must be a DNS record which is known to dnsmasq and NOT a DNS record which comes from an upstream server.


