[Dnsmasq-discuss] CNAME responses are not processed through address=/ ... / filter
Geert Stappers
stappers at stappers.nl
Thu Nov 25 17:55:23 UTC 2021
On Thu, Nov 25, 2021 at 11:05:03AM -0600, Alex Rainchik wrote:
> Hello,
>
> This is my first message here :)
Welcome
> Not sure if it’s a bug or feature request :)
Me neither 8^)
> It looks like CNAME responses are not processed through address=/ ... / filter,
> here is an example
>
> Config file test.cfg:
>
> # listening DNS port
> port=30000
> # do not read /etc/resolv.conf at all
> no-resolv
> # do not re-read /etc/resolv.conf when file was changed by ISP
> no-poll
> # default upstream dns server
> server=1.1.1.1
> address=/setup.fe.apple-dns.net/10.10.10.10
> log-debug
> log-queries=extra
> log-facility=/dev/stdout
> keep-in-foreground
> no-daemon
>
> Running test as “dnsmasq -C test.cfg”
>
> Direct query for "setup.fe.apple-dns.net" works as expected:
>
> username at mac:~$ dig @127.0.0.1 -p30000 -t A setup.fe.apple-dns.net. +short
> 10.10.10.10
>
> However, when I query "setup.icloud.com", which is a CNAME pointing to
> "setup.fe.apple-dns.net", it does not get processed through
> address=/ … / filter:
>
> username at mac:~$ dig @127.0.0.1 -p30000 -t A setup.icloud.com +short
> setup.fe.apple-dns.net.
> 17.248.190.138
> 17.248.190.206
> 17.248.190.112
> 17.248.190.68
> 17.248.168.72
> 17.248.190.71
> 17.248.168.68
> 17.248.190.104
>
> Expected behavior would be for setup.icloud.com query to get
> "10.10.10.10" response, same as for setup.fe.apple-dns.net. Because
> setup.icloud.com is a CNAME pointing to setup.fe.apple-dns.net
<screenshot>
$ dig @9.9.9.9 -t A setup.icloud.com
; <<>> DiG 9.16.13-Debian <<>> @9.9.9.9 -t A setup.icloud.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30811
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;setup.icloud.com. IN A
;; ANSWER SECTION:
setup.icloud.com. 3371 IN CNAME setup.fe.apple-dns.net.
setup.fe.apple-dns.net. 19 IN A 17.248.177.5
setup.fe.apple-dns.net. 19 IN A 17.248.176.36
setup.fe.apple-dns.net. 19 IN A 17.248.176.50
setup.fe.apple-dns.net. 19 IN A 17.248.177.40
setup.fe.apple-dns.net. 19 IN A 17.248.176.237
setup.fe.apple-dns.net. 19 IN A 17.248.176.41
setup.fe.apple-dns.net. 19 IN A 17.248.176.233
setup.fe.apple-dns.net. 19 IN A 17.248.176.48
;; Query time: 28 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: do nov 25 18:44:52 CET 2021
;; MSG SIZE rcvd: 209
</screenshot>
As I see it:
* the `dig -t A setup.icloud.com` is one single request
* the response comes from one single upstream server
* there is no need for Dnsmasq to redact the response
My advice to the original poster is to add
address=/setup.icloud.com/10.10.10.10
to the configuration.
Groeten
Geert Stappers
--
Silence is hard to parse
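Added example, not part of the original message and not dnsmasq code: a small offline check that follows the advice above by reading a config's address= rules and a dig answer section, then listing the extra address= lines needed for names that reach an overridden name only through a CNAME. The function names are hypothetical; the sample config line and DNS records are taken from the thread.

```python
# Added illustration; helper names are hypothetical, not dnsmasq code.
CONFIG = "address=/setup.fe.apple-dns.net/10.10.10.10\n"
# Answer section from the dig output quoted in the message (first two records).
DIG_ANSWER = """\
setup.icloud.com. 3371 IN CNAME setup.fe.apple-dns.net.
setup.fe.apple-dns.net. 19 IN A 17.248.177.5
"""

def parse_address_rules(config):
    """Return {domain: ip} for every address=/dom1/dom2/.../ip line."""
    rules = {}
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("address=/"):
            *domains, ip = line[len("address=/"):].split("/")
            rules.update({d.lower().rstrip("."): ip for d in domains})
    return rules

def match_rule(name, rules):
    """Match the way address= does: the domain itself or any subdomain of it."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in rules:
            return rules[".".join(labels[i:])]
    return None

def missing_overrides(config, dig_answer):
    """Suggest address= lines for names whose CNAME chain reaches an overridden name."""
    rules = parse_address_rules(config)
    cname = {}
    for f in map(str.split, dig_answer.splitlines()):
        if len(f) == 5 and f[3] == "CNAME":
            cname[f[0].rstrip(".").lower()] = f[4].rstrip(".").lower()
    out = []
    for owner, target in cname.items():
        seen = {owner}
        if match_rule(owner, rules) is not None:
            continue  # the query name itself is already answered locally
        while target not in seen:  # 'seen' stops CNAME loops
            ip = match_rule(target, rules)
            if ip is not None:
                out.append(f"address=/{owner}/{ip}")
                break
            seen.add(target)
            target = cname.get(target, target)
    return out

if __name__ == "__main__":
    print("\n".join(missing_overrides(CONFIG, DIG_ANSWER)))
```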