Hi, don't know anything about dnsmasq internals, but for DNSSEC it seems extra queries are possible, and the response depends on which flags are set (ad/do). Would certainly be possible for CNAMEs as well, guess it's just not implemented.

On 2021-11-06 at 23:22, Dominick C. Pastore wrote:
> As far as I know, there is no technical or security reason why a Dnsmasq-like
> server would *need* this limitation, but Dnsmasq has it due to design
> limitations.
>
> Dnsmasq either responds to a request entirely locally (using /etc/hosts,
> records from the config file, and records from DHCP) or relies on the
> upstream server to provide the complete response. Since replies with CNAMEs
> must include the target record as well, a local CNAME to an upstream
> A/AAAA/etc. would have to combine a local and upstream response. That's not
> possible with Dnsmasq's design.
>
> Nick
>
> On Sat, Nov 6, 2021, at 4:47 PM, Salatiel Filho wrote:
>> Thanks, but I would like to know the reason why there is that limitation.
>> Maybe Simon could explain the reason behind it.
>>
>>
>> Atenciosamente/Kind regards,
>> Salatiel
>>
>>
>>
>> On Sat, Nov 6, 2021 at 4:58 PM Horn Bucking <buckh...@weibsvolk.org> wrote:
>>>
>>> Hi, why does dnsmasq cname require an entry on /etc/hosts?
>>>
>>> From the dnsmasq man page:
>>>
>>> --cname=<cname>,[<cname>,]<target>[,<TTL>]
>>> Return a CNAME record which indicates that <cname> is really <target>.
>>> There is a significant limitation on the target; it must be a DNS record
>>> which is known to dnsmasq and NOT a DNS record which comes from an upstream
>>> server.
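
The limitation quoted from the man page, shown as a configuration sketch. This is an example added here, not part of the original thread; the host names and the address are constructed placeholders.

```conf
# --- /etc/hosts (read by dnsmasq at startup) ---
# Constructed entry: makes nas.example.lan a record "known to dnsmasq".
192.0.2.10   nas.example.lan

# --- dnsmasq.conf ---
# Satisfies the man-page limitation: the target is a local record
# (here from /etc/hosts), so dnsmasq can build the whole reply itself,
# CNAME plus the target's address record.
cname=files.example.lan,nas.example.lan

# Does NOT satisfy the limitation: the target would have to be looked up
# upstream. The reply would need a local CNAME combined with an upstream
# A/AAAA record, which the thread describes as not possible with
# dnsmasq's design.
cname=www.example.lan,upstream-host.example.org
```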