As far as I know, there is no technical or security reason why a Dnsmasq-like server would *need* this limitation, but Dnsmasq has it due to design limitiations.
Dnsmasq either responds to a request entirely locally (using /etc/hosts, records from the config file, and records from DHCP) or relies on the upstream server to provide the complete response. Since replies with CNAMEs must include the target record as well, a local CNAME to an upstream A/AAAA/etc. would have to combine a local and upstream response. That's not possible with Dnsmasq's design.. Nick On Sat, Nov 6, 2021, at 4:47 PM, Salatiel Filho wrote: > Thanks, but I would like to know the reason why there is that limitation. > Maybe Simon could explain the reason behind it. > > > Atenciosamente/Kind regards, > Salatiel > > > > On Sat, Nov 6, 2021 at 4:58 PM Horn Bucking <buckh...@weibsvolk.org> wrote: >> >> Hi, why does dnsmasq cname require an entry on /etc/hosts? >> >> From the dnsmasq man page: >> >> --cname=<cname>,[<cname>,]<target>[,<TTL>] >> Return a CNAME record which indicates that <cname> is really <target>. There >> is a significant limitation on the target; it must be a DNS record which is >> known to dnsmasq and NOT a DNS record which comes from an upstream server. >> > > _______________________________________________ > Dnsmasq-discuss mailing list > Dnsmasq-discuss@lists.thekelleys.org.uk > https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
