Local DNS resolution for subdomains #1650

Open
newtoat opened this issue Nov 30, 2024 · 1 comment

Comments


newtoat commented Nov 30, 2024

I've recently spun up blocky, mostly for local DNS resolution rather than the blocking functionality (though I'll be adding that in the future).

One thing that is confusing me, and this may be misconfiguration on my part, is that subdomains are resolving when I wouldn't expect them to.

A very trimmed version of my config file:

    customDNS:
      customTTL: 1h
      filterUnmappedTypes: true
      zone: |
        $ORIGIN domain.com.
        $TTL 86400

        ;; Ingress
        nginx-k8s     IN  A       192.168.0.11

        ;; Services
        dev        IN  CNAME   nginx-k8s

I can resolve dev.domain.com as expected and it resolves to 192.168.0.11.
However any subdomain of dev, e.g. test.dev.domain.com, also gets resolved to 192.168.0.11 rather than returning NXDOMAIN and/or forwarding upstream.

This is causing issues with me being able to (re)generate certificates for ingress-nginx as cert-manager is unable to validate the DNS records it creates.
When requesting a certificate cert-manager creates a TXT file in Cloudflare for _acme-challenge..domain.com. Blocky then resolves _acme-challenge..domain.com to whatever is configured for .domain.com - preventing cert-manager from validating the record and issuing the certificate.

I've tried adding

    conditional:
      fallbackUpstream: true

and

    conditional:
      fallbackUpstream: true
      mapping:
        .: 8.8.8.8

to my Blocky config, but haven't had any success with stopping subdomains from being resolved when not explicitly listed in the zone field.


newtoat commented Dec 10, 2024

I looked into this a bit more and I think this is the expected behavior, looking at https://github.com/0xERR0R/blocky/blob/main/resolver/custom_dns_resolver.go - specifically around line 155.

Personally I would expect local DNS not to resolve subdomains unless there is an explicit record for it, and if not found, to then check the upstream server(s).

I suspect there may be wider implications to altering the way the resolver operates, so this is probably more of a feature request than a bug/question.
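The behaviour described in this thread (a mapped name answering for every name beneath it, and the reporter's expectation of exact matches with an upstream fallback) comes down to how the custom zone is searched. The following Go program is an added example, not blocky's code and not a reading of custom_dns_resolver.go: it builds the two records from the trimmed config above and resolves the same names with two assumed lookup strategies, a suffix walk that strips leading labels until an ancestor matches, and an exact lookup that only answers for names present in the zone. The `Zone`, `Record`, `ResolveSuffix` and `ResolveExact` names are the example's own.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is one zone entry, modelled on the customDNS zone in the issue.
type Record struct {
	Type  string // "A" or "CNAME"
	Value string // IP address for A, target name for CNAME
}

// Zone maps fully-qualified, lowercase names (trailing dot) to a record.
type Zone map[string]Record

// NewZone holds the two records from the issue under $ORIGIN domain.com.
// Constructed sample data; this is not a parser for blocky's zone syntax.
func NewZone() Zone {
	return Zone{
		"nginx-k8s.domain.com.": {Type: "A", Value: "192.168.0.11"},
		"dev.domain.com.":       {Type: "CNAME", Value: "nginx-k8s.domain.com."},
	}
}

func normalize(name string) string {
	name = strings.ToLower(strings.TrimSpace(name))
	if !strings.HasSuffix(name, ".") {
		name += "."
	}
	return name
}

// resolveChain follows CNAMEs inside the zone until an A record is reached.
// Each hop uses lookupFn, so both strategies share the CNAME handling.
func resolveChain(z Zone, name string, lookupFn func(Zone, string) (Record, bool)) (string, bool) {
	for hops := 0; hops < 8; hops++ { // bounded so a CNAME cycle cannot loop forever
		rec, ok := lookupFn(z, name)
		if !ok {
			return "", false // nothing in the zone: caller would forward upstream / NXDOMAIN
		}
		if rec.Type == "A" {
			return rec.Value, true
		}
		name = rec.Value
	}
	return "", false
}

// exactLookup answers only when the full query name is present in the zone
// (the behaviour the reporter expects).
func exactLookup(z Zone, name string) (Record, bool) {
	rec, ok := z[normalize(name)]
	return rec, ok
}

// suffixLookup strips leading labels until some ancestor name matches, so every
// subdomain of a zone entry inherits that entry's record. This is an assumed
// model of the behaviour observed in the issue, not blocky's implementation.
func suffixLookup(z Zone, name string) (Record, bool) {
	n := normalize(name)
	for n != "" {
		if rec, ok := z[n]; ok {
			return rec, true
		}
		idx := strings.Index(n, ".")
		if idx < 0 || idx == len(n)-1 { // reached the root label, no ancestor matched
			break
		}
		n = n[idx+1:]
	}
	return Record{}, false
}

// ResolveSuffix and ResolveExact expose the two strategies side by side.
func ResolveSuffix(z Zone, name string) (string, bool) { return resolveChain(z, name, suffixLookup) }
func ResolveExact(z Zone, name string) (string, bool)  { return resolveChain(z, name, exactLookup) }

func main() {
	z := NewZone()
	for _, q := range []string{"dev.domain.com", "test.dev.domain.com", "other.example.org"} {
		s, sok := ResolveSuffix(z, q)
		e, eok := ResolveExact(z, q)
		fmt.Printf("%-22s suffix-match=%q(%v)  exact-match=%q(%v)\n", q, s, sok, e, eok)
	}
}
```

With suffix matching, test.dev.domain.com answers 192.168.0.11 exactly as the issue describes, because the walk reaches dev.domain.com and follows its CNAME; with exact matching the same query misses the zone, which is the point at which a resolver would hand the name to its upstream. Querying blocky for a deliberately non-existent subdomain of a mapped name is a quick way to confirm which of the two behaviours a given configuration produces.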

Labels: None yet
Projects: None yet
Development: No branches or pull requests
1 participant