providing CNAMEs for local data

Michael Tokarev mjt at tls.msk.ru
Tue Nov 22 12:27:57 UTC 2022


Hello!

Here is me again with the same (well, almost) question.

Why do CNAMEs not work in local-data?  I mean, unbound
recognizes them and returns them, but it does not expand
them.  A stub resolver, when asked for an A record,
expects the returned CNAME record(s) to be expanded to
the final A record; it does not expect to repeat the query
with a new name (the one the CNAME points to).

What's the issue with recursive expanding CNAMEs in local-data?

And lacking that, what's the other way to configure site-
or location-specific overrides for certain names, which
should be CNAMEs (A records don't work due to Kerberos
SPNs).

For example, we've a domain and a few geographically spread
offices; each office is supposed to have its own proxy, email
server, file server and stuff like that.  This is also an
AD DC domain.  I thought about a single domain zone and local
overrides for certain commonly used names. But once again I
faced this issue with unbound, which is unable to resolve
(expand) CNAMEs in local-data or somesuch.

(Yes, I know there's another way: to give each office a
subdomain with the local names specified there, and specify
all other names in the main domain. But that doesn't work
because Windows machines always query in their AD Domain
name first, and in the DHCP-provided suffix next, so I have
to override this at the resolver level.)

Why can't unbound expand CNAMEs in local-data?

Thanks!

/mjt
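The failure mode described in the mail above, as an added check (not part of the original post or of Unbound itself): given the records of an answer section, follow the CNAME chain from the queried name and report whether it terminates in the queried type, so a stub resolver would not have to re-query. The names and addresses used are constructed placeholders.

```python
"""Check whether a DNS answer section fully expands a CNAME chain.

Added example: the post describes a resolver returning a CNAME from
local-data without the terminal A record. check_chain() follows the
chain inside one answer section and classifies the result.
"""


def normalize(name: str) -> str:
    """Lower-case and fully qualify a name; DNS names compare case-insensitively."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def check_chain(qname: str, qtype: str, answer, max_hops: int = 8):
    """answer: list of (owner, rrtype, rdata) tuples from the answer section.

    Returns (status, chain). status is one of:
      "complete"   - the chain ends in records of the queried type
      "unexpanded" - a CNAME points to a name absent from the answer,
                     i.e. the stub resolver would have to re-query
      "loop"       - the CNAMEs refer back to an earlier name (or exceed max_hops)
      "nodata"     - no CNAME or qtype records for the queried name at all
    """
    by_owner: dict = {}
    for owner, rrtype, rdata in answer:
        by_owner.setdefault(normalize(owner), []).append((rrtype.upper(), rdata))

    current = normalize(qname)
    chain = [current]
    seen = {current}
    for _ in range(max_hops):
        rrs = by_owner.get(current, [])
        if any(t == qtype.upper() for t, _ in rrs):
            return "complete", chain
        cnames = [r for t, r in rrs if t == "CNAME"]
        if not cnames:
            return ("unexpanded" if len(chain) > 1 else "nodata"), chain
        target = normalize(cnames[0])
        if target in seen:
            return "loop", chain
        seen.add(target)
        chain.append(target)
        current = target
    return "loop", chain


# Constructed sample answer sections (placeholder names, RFC 5737 address).
UNEXPANDED = [("proxy.example.com", "CNAME", "proxy-office1.example.com")]
EXPANDED = UNEXPANDED + [("proxy-office1.example.com", "A", "192.0.2.10")]
LOOP = [("a.example.com", "CNAME", "b.example.com"),
        ("b.example.com", "CNAME", "a.example.com")]
```

Feeding the parsed answer section of a real response from the resolver under test (for example one captured with dig or dnspython) into check_chain lets an admin confirm whether a CNAME in local-data is actually followed before clients are pointed at it.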

