Discussion:
[Dnsmasq-discuss] HOSTS not applied to canonical names
Dominik DL6ER
2018-06-19 08:58:44 UTC
Dear mailing list members,

it appears that dnsmasq does not check the cache for canonical names.

Assume the following situation: I defined "127.0.0.1 lb2.pi-hole.io" in
/etc/hosts

If I query this domain directly, i.e.
$ dig lb2.pi-hole.net
lb2.pi-hole.io.         2       IN      A       127.0.0.1
then everything works as expected. However, if this domain happens to be
in a reply to a CNAME query, e.g.
$ dig changes.pi-hole.net
changes.pi-hole.net.    3099    IN      CNAME   lb2.pi-hole.io.
lb2.pi-hole.io.         85843   IN      A       45.76.128.97
then dnsmasq ignores my HOSTS file entry and hands out the true record.

I assume the issue here is that dnsmasq forwards "changes.pi-hole.net"
to the upstream server and receives the full reply (incl. the correct A
record of lb2.pi-hole.io) so there is no need to look up this domain in
the cache.

Is this a bug or is it by design?

Best regards,
Dominik
B. Cook
2018-06-19 10:36:54 UTC
Morning sir,

This is the case.

If you look up "Google safe search" and dnsmasq you will see a static
defined forcesafesearch.google.com and then a cname for google.com..

Random Google search below..

https://github.com/RMerl/asuswrt-merlin/wiki/Enforce-Safesearch

I think what you are missing is telling dnsmasq that it is somewhat
authoritative for lb2.pi-hole.io

i.e. it doesn't know about your hosts entry when it's resolving the cname..

I'll send a specific example when I get to work..

Three hours or so..
--
Network Analyst
Poughkeepsie City School District
SMS & Mobile: (202) 810-5827
twitter.com/bcookatpcsd

If you can't explain it simply, you don't understand it well enough.
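
The behaviour discussed in this thread can be checked from captured dig output. The following is an added example, not code from either poster or from dnsmasq: it compares a dig answer section with hosts-file text and reports CNAME targets that were answered with an address other than the local entry. The function names are illustrative and the sample input is constructed from the values quoted in the first post.

```python
import ipaddress

# Constructed sample input, built from the values quoted in the first post.
HOSTS = "127.0.0.1 lb2.pi-hole.io\n"
ANSWER = """\
changes.pi-hole.net.    3099    IN      CNAME   lb2.pi-hole.io.
lb2.pi-hole.io.         85843   IN      A       45.76.128.97
"""

def norm(name):
    return name.rstrip(".").lower()

def parse_hosts(text):
    """Return {hostname: set of ip_address objects} from hosts-file text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split() or [""]  # blank/comment line -> [""]
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            table.setdefault(norm(name), set()).add(addr)
    return table

def parse_answer(text):
    """Yield (owner, type, rdata) from dig answer-section lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN":
            yield norm(fields[0]), fields[3], fields[4]

def shadowed_overrides(hosts_text, answer_text):
    """Return (alias, target, hosts_addr, answered_addr) per bypassed hosts entry."""
    hosts = parse_hosts(hosts_text)
    records = list(parse_answer(answer_text))
    alias_of = {norm(r): owner for owner, t, r in records if t == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype not in ("A", "AAAA") or owner not in alias_of or owner not in hosts:
            continue
        answered = ipaddress.ip_address(rdata)
        local = sorted(str(a) for a in hosts[owner] if a.version == answered.version)
        if local and str(answered) not in local:
            findings.append((alias_of[owner], owner, local[0], str(answered)))
    return findings

if __name__ == "__main__":
    print(shadowed_overrides(HOSTS, ANSWER))
```

A direct query for the hosts-defined name produces no finding, because the answer then contains no CNAME record pointing at it.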