1

I have compiled dnsmasq v2.76 including support for running its authoritative dns server (NOAUTH removed in the Makefile).

Wildcard subdomains with dnsmasq are possible for the caching part of the server.

I have tried:

  1. host-record=*.domain.tld,1.2.3.4
  2. host-record=.domain.tld,1.2.3.4
  3. host-record=domain.tld,1.2.3.4
  4. address=/domain.tld/1.2.3.4

None of them return the expected answer for www.domain.tld.

How do I configure a wildcard A record for the authoritative side?

Pro Backup

3 Answers

2

In the to-be-released dnsmasq version 2.77, there will be a wildcard option for CNAME records.

That can be configured like these examples:

```
cname=*.domain.tld,domain.tld
cname=*.otherdomain.tld,host.even-another-domain.tld
```

Since commit b637d7815da89b5fb04c27b1d9a361fe5b2622a0 Tue, 13 Dec 2016 18:44:11 +0200 there is support for CNAME wildcards. Commit 2.77test4 contains the latest addition to the wildcard code.

Pro Backup
  • @CMCDragonkai Upon your request a CNAME configuration example for dnsmasq version 2.77 has been appended. – Pro Backup Jul 14 '17 at 13:49
  • Is that saying any subdomain of `domain.tld` maps to `domain.tld`? And could also be used like `domain.tld` mapping to `otherdomain.tld`? – CMCDragonkai Jul 14 '17 at 14:33
  • @CMCDragonkai Yes, the example is saying to map any subdomain of domain.tld to domain.tld, and **yes** mapping catch-all `*.domain.tld` to `host.otherdomain.tld` is also possible. At least for the case where `host.otherdomain.tld` is configured in the same dnsmasq.conf (haven't tested third-party auth. served `otherdomain.tld`). – Pro Backup Jul 15 '17 at 19:58
  • However, this, like the addr setting, doesn't allow wildcards to appear in the middle, right? I was looking for something like `localhost.*` to map to `localhost` or `127.0.0.1`. – CMCDragonkai Jul 17 '17 at 05:26
1

As stated in the dnsmasq man page, only some options are used to populate the data for authoritative zones:

When dnsmasq is configured to act as an authoritative server, the following data is used to populate the authoritative zone.

--mx-host, --srv-host, --dns-rr, --txt-record, --naptr-record, as long as the record names are in the authoritative domain.

--cname as long as the record name is in the authoritative domain. If the target of the CNAME is unqualified, then it is qualified with the authoritative zone name.

IPv4 and IPv6 addresses from /etc/hosts (and --addn-hosts) and --host-record and --interface-name provided the address falls into one of the subnets specified in the --auth-zone.

Addresses of DHCP leases, provided the address falls into one of the subnets specified in the --auth-zone. (If constructed DHCP ranges are in use, which depend on the address dynamically assigned to an interface, then the form of --auth-zone which defines subnets by the dynamic address of an interface should be used to ensure this condition is met.)

In the default mode, where a DHCP lease has an unqualified name, and possibly a qualified name constructed using --domain then the name in the authoritative zone is constructed from the unqualified name and the zone's domain. This may or may not equal that specified by --domain. If --dhcp-fqdn is set, then the fully qualified names associated with DHCP leases are used, and must match the zone's domain.

In particular, only host-record, hosts file entries and DHCP leases can generate A/AAAA records, and the --address option is not taken into account. Unfortunately, the --address option is the only way to specify A/AAAA responses for a domain and all its subdomains.

dnsmasq does not have a wildcard record feature known from other DNS servers like bind, as stated in my answer to the question you linked.

Sebastian Schrader
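
Putting the two answers above together, as an added example that is not from either answer or from the dnsmasq project: a dnsmasq.conf fragment for version 2.77 or later in which the wildcard CNAME and its target are both served from the authoritative zone. The interface name `eth0`, the server name `ns.domain.tld` and the subnet `1.2.3.0/24` are assumptions; `domain.tld` and `1.2.3.4` are the question's values.

```conf
# Added example (assumed values: eth0, ns.domain.tld, 1.2.3.0/24).
# Needs dnsmasq 2.77 or later for the wildcard CNAME.

# Answer authoritatively on this interface; ns.domain.tld is the name
# under which this server is reachable from the global DNS.
auth-server=ns.domain.tld,eth0

# Declare the zone. Because a subnet is listed, only A/AAAA data whose
# address lies inside it is published, so it must cover 1.2.3.4.
auth-zone=domain.tld,1.2.3.0/24

# A record for the zone apex. host-record is one of the options that
# populate the authoritative zone; address= is not.
host-record=domain.tld,1.2.3.4

# Wildcard CNAME: subdomains of domain.tld become aliases of the apex,
# whose A record is defined in this same file.
cname=*.domain.tld,domain.tld
```

To check the result, query the authoritative interface directly for a name such as `www.domain.tld` and confirm that the answer carries the CNAME to `domain.tld`.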
0

I see that there is no wildcard support for --server but there is for cname, host etc.

Omer Sen