Re: [Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.

2018-06-04 Thread Stephen Howell
Hi,

I had some issues with the DHCP entries not being included when I made the
server authoritative for the .local domain, as I was populating .local from
DHCP leases in dnsmasq also.

Is this configuration of authoritative + DHCP entries supposed to work?

thanks
Stephen

On Sat, 2 Jun 2018 at 18:09 Simon Kelley wrote:

> On 29/05/18 23:11, Stephen Howell wrote:
> > Hi,
> >
> > I'm an occasional sysadmin and I was looking to set up a round-robin
> > wildcard CNAME for a test project at home. I checked the dnsmasq docs
> > and saw:
> >
> > *--cname* as long as the record name is in the authoritative domain. If
> > the target of the CNAME is unqualified, then it is qualified with the
> > authoritative zone name. CNAME used in this way (only) may be wildcards,
> > as in
> >
> > *cname=*.example.com,default.example.com*
> >
> > I figured out that the A records would need to be added as /etc/hosts
> > entries so I did so then added a couple of lines in my config to be
> > authoritative for this one zone and create the CNAME:
> >
> >
> > auth-zone=local,127.0.0.0/24,192.168.0.0/16,br-lan
> > cname=*.k8s.local,app.k8s.local
> >
> > This *should* have created a DNS record that responds to queries for
> > "app2.k8s.local", "app3.k8s.local" etc. That does not happen, any
> > request for sub-domains below k8s.local returns empty data.
> >
> > Instead what I have is a record that responds to the *literal form* of
> > "*.k8s.local"!!
> >
> > $ dig *.k8s.local @192.168.0.2
> >
> > ; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> *.k8s.local @192.168.1.1
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; WARNING: .local is reserved for Multicast DNS
> > ;; You are currently testing what happens when an mDNS query is leaked to DNS
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41245
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
> >
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;*.k8s.local. IN  A
> >
> > ;; ANSWER SECTION:
> > *.k8s.local.    0   IN  CNAME   app.k8s.local.
> > app.k8s.local.  0   IN  A   192.168.1.11
> > app.k8s.local.  0   IN  A   192.168.1.12
> > app.k8s.local.  0   IN  A   192.168.1.13
> >
> > ;; Query time: 2 msec
> > ;; SERVER: 192.168.0.2#53(192.168.0.2)
> > ;; WHEN: Tue May 29 22:49:01 BST 2018
> > ;; MSG SIZE  rcvd: 115
> >
> > That is not a wildcard entry! Any idea what happened? DNSmasq is
> > 2.80test2 (current version from the OpenWRT repo).
>
>
> The query was for *.k8s.local, and that's what you got an answer for.
> That's quite correct. Try
>
> dig app.k8s.local @192.168.0.2
>
> Note that running in authoritative mode is a little more complex than
> you've configured: you'll need an auth-server config line as well, for
> instance, and probably a glue record elsewhere in the DNS.
>
>
> Cheers,
>
> Simon.
>
> >
> > I realise that the address=/domain.com/1.1.1.1 form could be used, but
> > that doesn't help
> > create a round-robin entry. How should a wildcard entry for multiple
> > backing hosts be created?
> >
> > Thanks
> > Stephen
> >
> >
> > ___
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss@lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
>


[Dnsmasq-discuss] Wildcard CNAMEs - unexpected behaviour.

2018-05-29 Thread Stephen Howell
Hi,

I'm an occasional sysadmin and I was looking to set up a round-robin
wildcard CNAME for a test project at home. I checked the dnsmasq docs and
saw:

*--cname* as long as the record name is in the authoritative domain. If the
target of the CNAME is unqualified, then it is qualified with the
authoritative zone name. CNAME used in this way (only) may be wildcards, as
in

*cname=*.example.com,default.example.com*


I figured out that the A records would need to be added as /etc/hosts
entries so I did so then added a couple of lines in my config to be
authoritative for this one zone and create the CNAME:


auth-zone=local,127.0.0.0/24,192.168.0.0/16,br-lan
cname=*.k8s.local,app.k8s.local

This *should* have created a DNS record that responds to queries for
"app2.k8s.local", "app3.k8s.local" etc. That does not happen, any
request for sub-domains below k8s.local returns empty data.

Instead what I have is a record that responds to the *literal form* of
"*.k8s.local"!!

$ dig *.k8s.local @192.168.0.2

; <<>> DiG 9.11.3-1ubuntu1-Ubuntu <<>> *.k8s.local @192.168.1.1
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41245
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;*.k8s.local.   IN  A

;; ANSWER SECTION:
*.k8s.local.    0   IN  CNAME   app.k8s.local.
app.k8s.local.  0   IN  A   192.168.1.11
app.k8s.local.  0   IN  A   192.168.1.12
app.k8s.local.  0   IN  A   192.168.1.13

;; Query time: 2 msec
;; SERVER: 192.168.0.2#53(192.168.0.2)
;; WHEN: Tue May 29 22:49:01 BST 2018
;; MSG SIZE  rcvd: 115

That is not a wildcard entry! Any idea what happened? DNSmasq is 2.80test2
(current version from the OpenWRT repo).

I realise that the address=/domain.com/1.1.1.1 form could be used, but that
doesn't help create a round-robin entry. How should a wildcard entry for
multiple backing hosts be created?

Thanks
Stephen
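
The distinction drawn in Simon Kelley's reply earlier in the thread, as an added example that is not part of the thread and not dnsmasq's code: a small model of standard DNS wildcard matching (the closest-encloser rule of RFC 4592) over a zone constructed from the names and addresses in the dig output. It shows that a query for the literal name `*.k8s.local` is an exact match on the owner name and does not exercise wildcard synthesis, whereas a name such as `app2.k8s.local` does; the function names and the `ZONE` layout are assumptions made for illustration.

```python
# Constructed zone: names and addresses taken from the dig output in the thread.
ZONE = {
    "*.k8s.local": {"CNAME": ["app.k8s.local"]},
    "app.k8s.local": {"A": ["192.168.1.11", "192.168.1.12", "192.168.1.13"]},
}

def existing_names(zone):
    """Owner names plus their ancestors (empty non-terminals also 'exist')."""
    names = set()
    for owner in zone:
        labels = owner.split(".")
        names.update(".".join(labels[i:]) for i in range(len(labels)))
    return names

def wildcard_source(zone, qname):
    """Return the wildcard owner that covers qname, or None."""
    names = existing_names(zone)
    if qname in names:            # the name exists: wildcards never apply
        return None
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in names:     # closest encloser: only its "*" child counts
            candidate = "*." + encloser
            return candidate if candidate in zone else None
    return None

def match_kind(zone, qname):
    """Classify how qname is answered: 'exact', 'wildcard' or 'none'."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return "exact"
    return "wildcard" if wildcard_source(zone, qname) else "none"

def resolve(zone, qname, qtype="A", depth=0):
    """Return the answer section as (owner, type, data) tuples, chasing CNAMEs."""
    qname = qname.lower().rstrip(".")
    owner = qname if qname in zone else wildcard_source(zone, qname)
    if owner is None or depth > 8:   # depth cap stops CNAME loops
        return []
    rrsets = zone[owner]
    if "CNAME" in rrsets and qtype != "CNAME":
        target = rrsets["CNAME"][0]
        return [(qname, "CNAME", target)] + resolve(zone, target, qtype, depth + 1)
    return [(qname, qtype, data) for data in rrsets.get(qtype, [])]

if __name__ == "__main__":
    for name in ("*.k8s.local", "app2.k8s.local", "app.k8s.local", "x.app.k8s.local"):
        print(name, match_kind(ZONE, name), resolve(ZONE, name))
```

In this model only the `app2.k8s.local` query distinguishes a working wildcard from a record stored under a literal `*` label, which is why the test query has to use a name that is not itself in the zone.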