No subject

Felipe Gasper felipe at felipegasper.com
Mon Jun 6 16:14:51 UTC 2022 


> On Jun 6, 2022, at 12:01, Dimitris Chryssanthakopoulos via Unbound-users <unbound-users at lists.nlnetlabs.nl> wrote:
> 
> BTW, sorry for posting without a subject, it was by accident...
> 
> 
> Let me illustrate by an example, comparing what I get now and what I want to get  (what NextDNS does with "CNAME flattening"):
> 
> normally, I query for "gravityzone.bitdefender.com" and I get a reply that: 
> 
>  - "gravityzone.bitdefender.com" is a CNAME for "someserver.on.amazon.aws", AND 
>  - "someserver.on.amazon.aws" has A record "212.216.124.1", AND 
>  - "someserver.on.amazon.aws" has A record "212.216.124.33"
> 
> what I need is to query for "gravityzone.bitdefender.com" and get a reply:
> 
>  - "gravityzone.bitdefender.com" has A record "212.216.124.1", AND 
>  - "gravityzone.bitdefender.com" has A record "212.216.124.33"
> 
> When querying NextDNS, with CNAME Flattening enabled in Settings (far right tab of setup WebGUI) the second scenario occurs. The reason I ask here is that I understand NextDNS use Unbound.
> 
> The DNS replies from Unbound will be used in my router to create dynamic firewall rules. If I get regular DNS replies, I have to figure out the CNAME chain myself with scripting on my router, which is too slow. (Often, the CNAME chain is longer, and I need to recursively check a tree of CNAME records and A records.) 
> 
> If I get DNS replies like the second scenario, it is reasonably fast to run a few statements for every entry in the router's DNS cache (for A records only). In other words, I want to offload some processing from the router to Unbound. Hope this clarifies. 

I’m not sure how you’re running queries, but the following Perl seems to do what you want:

> perl -MDNS::Unbound -E'say join ".", unpack "C*" for DNS::Unbound->new()->resolve("gravityzone.bitdefender.com", "A")->data()->@*'
54.208.231.228
54.85.28.21

If you need IPv6 instead, tweak it to:

> perl -MDNS::Unbound -E'say join ":", unpack "(H4)*" for DNS::Unbound->new()->resolve("facebook.com", "AAAA")->data()->@*'
2a03:2880:f111:0083:face:b00c:0000:25de

-FG

More information about the Unbound-users mailing list