On Sat, Apr 16, 2022 at 08:13:27PM +0300, Анна Тихомирова via Dnsmasq-discuss wrote: > Hello. > > I'm using dnsmasq version 2.86. > > I've found that address option works incorrectly if the target domain is a > cname. > > Here is an example: > > 1) Add a domain to dnsmasq configuration: > > address=/api.ott.kinopoisk.ru/::
??? Is address=/api.ott.kinopoisk.ru/::1 meant? > 2) Make a DNS query for this domain. Everything is fine now: dnsmasq replies > with an IPv4 address received from the upstream DNS server and an IPv6 > address from the configuration file > > root@veronika:~# nslookup api.ott.kinopoisk.ru > Server: 127.0.0.1 > Address: 127.0.0.1:53 > > Name: api.ott.kinopoisk.ru > Address: :: > > Non-authoritative answer: > api.ott.kinopoisk.ru canonical name = > ott-api-production-balancer.ott.yandex.net > Name: ott-api-production-balancer.ott.yandex.net > Address: 93.158.134.102 > > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 query[A] > api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 > forwarded api.ott.kinopoisk.ru to 213.234.192.7 > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 > query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 420 127.0.0.1/58719 config > api.ott.kinopoisk.ru is :: > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply > api.ott.kinopoisk.ru is <CNAME> > Sat Apr 16 19:13:20 2022 daemon.info dnsmasq[1]: 419 127.0.0.1/58719 reply > ott-api-production-balancer.ott.yandex.net is 93.158.134.102 > > 3) You may repeat a query and everything is still fine: > > root@veronika:~# nslookup api.ott.kinopoisk.ru > Server: 127.0.0.1 > Address: 127.0.0.1:53 > > Non-authoritative answer: > api.ott.kinopoisk.ru canonical name = > ott-api-production-balancer.ott.yandex.net > Name: ott-api-production-balancer.ott.yandex.net > Address: 93.158.134.102 > > Name: api.ott.kinopoisk.ru > Address: :: > > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 query[A] > api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached > api.ott.kinopoisk.ru is <CNAME> > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 431 127.0.0.1/34089 cached > ott-api-production-balancer.ott.yandex.net is 93.158.134.102 > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 > query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 cached > api.ott.kinopoisk.ru is <CNAME> > Sat Apr 16 19:13:26 2022 daemon.info dnsmasq[1]: 432 127.0.0.1/34089 config > api.ott.kinopoisk.ru is :: > > 4) Now query the original domain to which our configured domain points to: > > root@veronika:~# nslookup ott-api-production-balancer.ott.yandex.net > Server: 127.0.0.1 > Address: 127.0.0.1:53 > > Non-authoritative answer: > Name: ott-api-production-balancer.ott.yandex.net > Address: 93.158.134.102 > > Non-authoritative answer: > Name: ott-api-production-balancer.ott.yandex.net > Address: 2a02:6b8::272 > > > Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 query[A] > ott-api-production-balancer.ott.yandex.net from 127.0.0.1 > Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 442 127.0.0.1/51782 cached > ott-api-production-balancer.ott.yandex.net is 93.158.134.102 > Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 > query[AAAA] ott-api-production-balancer.ott.yandex.net from 127.0.0.1 > Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 > forwarded ott-api-production-balancer.ott.yandex.net to 213.234.192.7 > Sat Apr 16 19:13:33 2022 daemon.info dnsmasq[1]: 443 127.0.0.1/51782 reply > ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272 > > 5) Let's query our configured domain again. Now you can see that dnsmasq > starts to reply with IPv6 from upstream server instead of our configured > IPv6: > > root@veronika:~# nslookup api.ott.kinopoisk.ru > Server: 127.0.0.1 > Address: 127.0.0.1:53 > > Non-authoritative answer: > api.ott.kinopoisk.ru canonical name = > ott-api-production-balancer.ott.yandex.net > Name: ott-api-production-balancer.ott.yandex.net > Address: 93.158.134.102 > > Non-authoritative answer: > api.ott.kinopoisk.ru canonical name = > ott-api-production-balancer.ott.yandex.net > Name: ott-api-production-balancer.ott.yandex.net > Address: 2a02:6b8::272 > > > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 query[A] > api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached > api.ott.kinopoisk.ru is <CNAME> > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 458 127.0.0.1/35410 cached > ott-api-production-balancer.ott.yandex.net is 93.158.134.102 > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 > query[AAAA] api.ott.kinopoisk.ru from 127.0.0.1 > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached > api.ott.kinopoisk.ru is <CNAME> > Sat Apr 16 19:13:37 2022 daemon.info dnsmasq[1]: 459 127.0.0.1/35410 cached > ott-api-production-balancer.ott.yandex.net is 2a02:6b8::272 > I don't understand what Original Poster is trying to tell. I suggest that OP adds "the why" on the configuration plus "expecting to see" to the `nslook` output and the dnsmasq log entries. Groeten Geert Stappers -- Silence is hard to parse _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
