Bug 1271 - unexpected result when resolving cnames
Status: ASSIGNED
Product: unbound
Classification: Unclassified
Component: server
Version: 1.5.8
Hardware: x86_64 Linux
Importance: P5 normal
Assigned To: unbound team
Reported: 2017-05-30 11:10 CEST by robbert.muller
Modified: 2017-05-31 14:09 CEST
Description robbert.muller 2017-05-30 11:10:19 CEST
We are trying to resolve some test infrastructure to internal IP addresses, while externally it resolves to our firewall.

dns records on the public internet
emailservice-test.dealerdirect.eu cname test-srv-new.dealerdirect.io
test-srv-new.dealerdirect.io A 212.178.77.90

unbound config:
server:
	local-data: "test-srv-new.dealerdirect.io A 10.53.2.153"


result:
$ host emailservice-test.dealerdirect.eu localhost
emailservice-test.dealerdirect.eu is an alias for test-srv-new.dealerdirect.io.
test-srv-new.dealerdirect.io has address 212.178.77.90

$ host test-srv-new.dealerdirect.io. localhost
test-srv-new.dealerdirect.io has address 10.53.2.153

With tcpdump I verified that unbound does 2 separate outgoing DNS requests:

the first results in the CNAME,
the second results in the A records,

and the result is sent to the client.


expected result:
both cases result in the internal IP address
Comment 1 Wouter Wijngaards 2017-05-30 15:33:18 CEST
Hi Robbert,

The local-data statement is only used to filter user queries. Queries to the internet (the target of the cname) are resolved on their own, after the local-data filtering step is done. To make queries to the internet go elsewhere, you would need to add a stub or forward zone to a server that hosts different content.

Best regards, Wouter
Comment 2 robbert.muller 2017-05-31 07:46:46 CEST
Just to make sure I understand your explanation correctly:
a forward_zone statement for test-srv-new.dealerdirect.io and forwarding it to localhost would make it work?
Comment 3 Wouter Wijngaards 2017-05-31 14:09:07 CEST
Hi Robbert,

No, that would direct upstream queries for that name to localhost (where the unbound server is running itself).

You want to add two local-data entries, for both names.

Best regards, Wouter
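
Added example, not part of the bug thread and not Unbound code: a simplified Python model of the behaviour described in comments 1 and 3, used to audit a config for aliases that bypass a local-data override. The public records and config line are the ones from the report; the function names and the A record chosen for the second local-data entry are assumptions.

```python
import re

# Constructed sample input: the reporter's config line and public records.
CONF = 'server:\n\tlocal-data: "test-srv-new.dealerdirect.io A 10.53.2.153"\n'
PUBLIC = {
    "emailservice-test.dealerdirect.eu": ("CNAME", "test-srv-new.dealerdirect.io"),
    "test-srv-new.dealerdirect.io": ("A", "212.178.77.90"),
}
# Assumption: the second entry is an A record; comment 3 only says "for both names".
FIXED_CONF = CONF + '\tlocal-data: "emailservice-test.dealerdirect.eu A 10.53.2.153"\n'

def norm(name):
    return name.rstrip(".").lower()

def parse_local_data(conf):
    """Map owner name -> [(type, rdata)]; handles single-token rdata (A, AAAA, CNAME)."""
    local = {}
    for m in re.finditer(r'^\s*local-data:\s*"([^"]+)"', conf, re.M):
        fields = m.group(1).split()
        local.setdefault(norm(fields[0]), []).append((fields[-2].upper(), fields[-1]))
    return local

def upstream(qname, public):
    """Chase the CNAME chain with public data only; local-data is never consulted."""
    chain, seen, name = [], set(), norm(qname)
    while name in public and name not in seen:
        seen.add(name)
        rtype, rdata = public[name]
        chain.append((name, rtype, rdata))
        if rtype != "CNAME":
            break
        name = norm(rdata)
    return chain

def resolve(qname, local, public):
    """local-data is matched against the client's query name only (comment 1)."""
    qname = norm(qname)
    if qname in local:
        return [(qname, t, d) for t, d in local[qname]]
    return upstream(qname, public)

def bypassed_overrides(local, public):
    """Aliases with no local-data of their own whose CNAME chain reaches an overridden name."""
    gaps = []
    for name in public:
        chain = upstream(name, public)
        hits = [norm(d) for _, t, d in chain if t == "CNAME" and norm(d) in local]
        if name not in local and hits:
            gaps.append((name, hits[0], chain[-1][2]))
    return gaps

if __name__ == "__main__":
    print(bypassed_overrides(parse_local_data(CONF), PUBLIC))
```

Each tuple returned by bypassed_overrides is (alias, overridden target, address the client actually receives); an empty list means every alias of an overridden name has its own local-data entry.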