Hi Dimitris,

On 6 Jun 2022, at 18:01, Dimitris Chryssanthakopoulos via Unbound-users wrote:

> Let me illustrate by an example, comparing what I get now and what I want
> to get (what NextDNS does with "CNAME flattening"):

"CNAME flattening" is a feature that is part of some authoritative server products. It is not part of the DNS protocol, and it is nothing that a DNS resolver such as Unbound can do.

> normally, I query for "gravityzone.bitdefender.com" and I get a reply that:
>
> - "gravityzone.bitdefender.com" is a CNAME for "someserver.on.amazon.aws",
> AND
> - "someserver.on.amazon.aws" has A record "212.216.124.1", AND
> - "someserver.on.amazon.aws" has A record "212.216.124.33"
>
> what I need is to query for "gravityzone.bitdefender.com" and get a reply:
>
> - "gravityzone.bitdefender.com" has A record "212.216.124.1", AND
> - "gravityzone.bitdefender.com" has A record "212.216.124.33"
>
> When querying NextDNS, with CNAME Flattening enabled in Settings (far right
> tab of setup WebGUI) the second scenario occurs. The reason I ask here is
> that I understand NextDNS use Unbound.
>
> The DNS replies from Unbound will be used in my router to create dynamic
> firewall rules. If I get regular DNS replies, I have to figure out the
> CNAME chain myself with scripting on my router, which is too slow. (Often,
> the CNAME chain is longer, and I need to recursively check a tree of CNAME
> records and A records.)
>
> If I get DNS replies like the second scenario, it is reasonably fast to run
> a few statements for every entry in the router's DNS cache (for A records
> only). In other words, I want to offload some processing from the router to
> Unbound. Hope this clarifies.

To reach your goal, I recommend to filter out all the CNAME responses and only process the A/AAAA Record responses. A DNS resolver (such as Unbound) will return all CNAME entries in the chain, as well as the final address records (if they exist).

A (simple/naive) scripting solution could be

    dig gravityzone.bitdefender.com +short | grep -E '([0-9]{1,3}[\.]){3}[0-9]{1,3}'

Greetings

Carsten
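An added example, not part of Carsten's message and not Unbound code: a shell/awk filter that walks the CNAME chain in `dig +noall +answer` output and prints only the A/AAAA records the chain actually ends at, attributed to the queried name. The function names, the 16-hop limit, the exit codes and the sample answer (built from the names in the thread) are assumptions made for illustration.

```shell
#!/bin/sh
# flatten_answer QNAME: read `dig +noall +answer` lines on stdin and print
# "QNAME TYPE ADDRESS" for every A/AAAA record reached via the CNAME chain.
# Exit 1: CNAME loop or chain too long. Exit 2: chain ends without addresses.
flatten_answer() {
    awk -v qname="$1" '
    # Compare names case-insensitively and without the trailing root dot.
    function norm(n) { n = tolower(n); sub(/\.$/, "", n); return n }
    # Answer-section layout: owner TTL class type rdata
    $3 == "IN" && $4 == "CNAME" { cname[norm($1)] = norm($5) }
    $3 == "IN" && ($4 == "A" || $4 == "AAAA") {
        n = norm($1); addrs[n] = addrs[n] $4 " " $5 "\n"
    }
    END {
        name = norm(qname)
        # Follow the chain; the hop limit (assumed: 16) guards against loops.
        for (hops = 0; (name in cname) && hops < 16; hops++) name = cname[name]
        if (name in cname) exit 1
        # Only addresses owned by the end of the chain are accepted, so stray
        # records in the input never end up in a firewall rule.
        if (!(name in addrs)) exit 2
        count = split(addrs[name], rec, "\n")
        for (i = 1; i < count; i++) print norm(qname), rec[i]
    }'
}

# Constructed sample in `dig +noall +answer` layout, using the thread's names.
sample_answer() {
    cat <<'EOF'
gravityzone.bitdefender.com. 300 IN CNAME someserver.on.amazon.aws.
someserver.on.amazon.aws. 60 IN A 212.216.124.1
someserver.on.amazon.aws. 60 IN A 212.216.124.33
unrelated.example. 60 IN A 192.0.2.7
EOF
}

# Live use would be: dig +noall +answer NAME A | flatten_answer NAME
sample_answer | flatten_answer gravityzone.bitdefender.com
```

Unlike the `grep` one-liner, this also handles AAAA answers and refuses to emit anything when the chain loops or never reaches an address record.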