On 29/05/18 23:11, Stephen Howell wrote: > Hi, > > I'm an occasional sysadmin and I was looking to setup a round-robin > wildcard CNAME for a test project at home. I checked the dnsmasq docs > and saw: > > *--cname* as long as the record name is in the authoritative domain. If > the target of the CNAME is unqualified, then it is qualified with the > authoritative zone name. CNAME used in this way (only) may be wildcards, > as in > > *cname=*.example.com <http://example.com>,default.example.com > <http://default.example.com>* > > * > * > > I figured out that the A records would need to be added as /etc/hosts > entries so I did so then added a couple of lines in my config to be > authoritative for this one zone and create the CNAME: > > > auth-zone=local,127.0.0.0/24,192.168.0.0/16,br-lan > <http://127.0.0.0/24,192.168.0.0/16,br-lan> cname=*.k8s.local,app.k8s.local > > This *should* have created a DNS record that responds to queries for > "app2.k8s.local", "app3.k8s.local" etc. That does not happen, any > request for sub-domains below k8s.local returns empty data. > > Instead what I have is a record that responds to the *literal form* of > "*.k8s.local"!! > > $ dig *.k8s.local @192.168.0.2 <http://192.168.0.2> > > ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> *.k8s.local @192.168.1.1 > <http://192.168.1.1> > ;; global options: +cmd > ;; Got answer: > ;; WARNING: .local is reserved for Multicast DNS > ;; You are currently testing what happens when an mDNS query is leaked to DNS > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41245 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;*.k8s.local. IN A > > ;; ANSWER SECTION: > *.k8s.local. 0 IN CNAME app.k8s.local. > app.k8s.local. 0 IN A 192.168.1.11 > app.k8s.local. 0 IN A 192.168.1.12 > app.k8s.local. 0 IN A 192.168.1.13 > > ;; Query time: 2 msec > ;; SERVER: 192.168.0.2#53(192.168.0.2) > ;; WHEN: Tue May 29 22:49:01 BST 2018 > ;; MSG SIZE rcvd: 115 > > That is not a wildcard entry! Any idea what happened? DNSmasq is > 2.80test2 (current version from the OpenWRT repo).
The query was for *.k8s.local, and that's what you got an answer for. That's quite correct. Try dig app.k8s.local @192.168.0.2 Note that running in authoritative mode is a little more complex than you've configured: you'll need and auth-server config line as well, for instance, and probably a glue record elsewhere in the DNS. Cheers, Simon. > > I realise that the address=/domain.com/220.127.116.11 > <http://domain.com/18.104.22.168> form could be used, but that doesn't help > create a round-robin entry. How should a wildcard entry for multiple > backing hosts be created? > > Thanks > Stephen > > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasqfirstname.lastname@example.org > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss > _______________________________________________ Dnsmasq-discuss mailing list Dnsmasqemail@example.com http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss