16

I'd like to resolve a domain name somedomain.com to a CNAME (AWS load balancer, e.g. some-balancer-1213231237.ap-southeast-2.elb.amazonaws.com), but only locally.

What I mean to achieve is that whenever I try to visit somedomain.com, I want to be served by the above-mentioned load balancer - this should only be limited to my own computer.

It's not possible to achieve this by editing /etc/hosts, as only A records (IP addresses) can be mapped there. I read somewhere that dnsmasq would be the most robust solution to achieve this. However, the documentation is very unclear about how this can be achieved. I'd appreciate your advice and perhaps a piece of config with an example. Thanks!

luqo33

2 Answers

13

You can add the following to your configuration file in dnsmasq:

```
cname=somedomain.com,some-balancer-1213231237.ap-southeast-2.elb.amazonaws.com
```

as specified in the man page:

--cname=<cname>,[<cname>,]<target>[,<TTL>]

Return a CNAME record which indicates that <cname> is really <target>. There are significant limitations on the target; it must be a DNS name which is known to dnsmasq from /etc/hosts (or additional hosts files), from DHCP, from --interface-name or from another --cname. If the target does not satisfy this criteria, the whole cname is ignored. The cname must be unique, but it is permissible to have more than one cname pointing to the same target. Indeed it's possible to declare multiple cnames to a target in a single line, like so: --cname=cname1,cname2,target

If the time-to-live is given, it overrides the default, which is zero or the value of --local-ttl. The value is a positive integer and gives the time-to-live in seconds.

As the man page specifies, you will have to define the target in your /etc/hosts file though:

```
203.0.113.80   some-balancer-1213231237.ap-southeast-2.elb.amazonaws.com
```

So I'm not sure this would be very useful to you.

Tommiie
  • 1
    I get that this is how the dnsmasq manual is written, but them referring to the owner name as `cname` when it's clearly the record data that is the cname (what they call `target`) just makes for very confusing reading (particularly as they keep referring to `cname` in the text, with the opposite meaning of what one would expect). I don't know if there's any way to fix that without just giving up on quoting the manual, though. – Håkan Lindqvist Jan 05 '19 at 15:49
  • 1
    A CNAME record in dnsmasq won't work for this use case. As written in the dnsmasq manual that you quoted: "there are significant limitations on the target". An external target like what @luqo33 mentioned (e.g. `some-balancer-1213231237.ap-southeast-2.elb.amazonaws.com`) won't be accepted by dnsmasq. – dllud Jan 21 '20 at 03:17
  • 4
    Note that at least in version 2.82 this behavior seems to have changed and external targets work as expected. – larsks Nov 20 '20 at 12:43
  • 1
    I can confirm that it works for external targets in 2.81. Using `nslookup`, I can see the canonical name. – dosentmatter Nov 25 '20 at 00:09
  • I can confirm that this does not work for version 2.76-16. "dig" reports the cname record correctly, and I can resolve the target, but dnsmasq doesn't deliver the target's IP directly from the cname. The whole point is that the target is a dynamic address, so it must be provided by an upstream server. – stolenmoment Mar 15 '21 at 16:27
-2

You have to keep in mind that the hostname to be resolved has to be added to the /etc/hosts file too! E.g., the right part in the hosts file:

```
10.1.1.1 ip1.example.com
```

dnsmasq.conf entry:

```
cname=cname.example.com,ip1.example.com
```

Test:

```
ping  cname.example.com
PING ip1.example.com (10.1.1.1) 56(84) bytes of data.
64 bytes from ip1.example.com (10.1.1.1): icmp_seq=1 ttl=64 time=0.063 ms
```

That's all it takes ;-)
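Both answers rest on the man-page rule that a `cname` whose target is unknown to dnsmasq is silently ignored. The following is an added example, not part of either answer and not dnsmasq's own code: a small checker that applies that quoted rule to config and hosts text and reports which aliases would be dropped. The function names and sample input are hypothetical, it models only `/etc/hosts` entries and other `cname` lines (not DHCP or `--interface-name`), and it does not reflect the newer behaviour the commenters report for 2.81/2.82.

```python
import re

def parse_hosts(hosts_text):
    """Return the set of lower-cased names defined in hosts-file text."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower() for f in fields[1:])  # fields[0] is the address
    return names

def parse_cnames(conf_text):
    """Return [(aliases, target, ttl)] for each cname= line of dnsmasq config text."""
    records = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*cname\s*=\s*([^#\s]+)", line)
        if not m:
            continue
        parts = [p.lower() for p in m.group(1).split(",")]
        # Syntax from the man page: <cname>,[<cname>,]<target>[,<TTL>]
        ttl = int(parts.pop()) if len(parts) >= 3 and parts[-1].isdigit() else None
        if len(parts) >= 2:
            records.append((parts[:-1], parts[-1], ttl))
    return records

def check_cnames(conf_text, hosts_text):
    """Map each alias to (target, honoured) under the quoted man-page rule."""
    records = parse_cnames(conf_text)
    known = parse_hosts(hosts_text)
    changed = True
    while changed:  # a target may itself be the alias of another honoured cname
        changed = False
        for aliases, target, _ in records:
            if target in known and not set(aliases) <= known:
                known.update(aliases)
                changed = True
    return {a: (t, t in known) for aliases, t, _ in records for a in aliases}

# Constructed sample input, reusing the names from the question and answers.
HOSTS = "10.1.1.1  ip1.example.com   # local A record\n"
CONF = """
cname=cname.example.com,ip1.example.com
cname=www.example.com,alias.example.com,cname.example.com,300
cname=somedomain.com,some-balancer-1213231237.ap-southeast-2.elb.amazonaws.com
"""

if __name__ == "__main__":
    for alias, (target, ok) in check_cnames(CONF, HOSTS).items():
        print(f"{alias} -> {target}: {'honoured' if ok else 'ignored (target unknown)'}")
```

With the sample input, only `somedomain.com` is reported as ignored; adding the hosts line from the first answer for the load balancer name makes it honoured, at the cost of pinning an address that the upstream DNS may change.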