DNS - Received CNAME is not resolved by a wildcard A-Record

Chris Schauer 1 Reputation point
2022-01-28T16:59:10.527+00:00

Hi all,

I have a question regarding the DNS Server on a Windows Server 2019. I get no IP resolution when combining a CNAME with a wildcard record of type A (or AAAA).

We tried the following:

  • clients try to resolve e.g.: node-1.app.global.tld
  • the DNS server (Windows Server 2019, recursive) has no zone information for app.global.tld. So the query is forwarded and is answered with a CNAME, e.g. node-1.app.something.tld
  • on the DNS server a wildcard A record (in a primary zone) is defined like: *.app.something.tld -> 1.2.3.4

When testing the resolution, only the CNAME is included in the ANSWER section. No IP address is resolved.

Regarding RFC 1034 (https://www.rfc-editor.org/rfc/rfc1034#section-3.6.2) and RFC 4592 (https://datatracker.ietf.org/doc/html/rfc4592#section-4.3),
it should work, if I understand the RFCs correctly. A test with a bind9 server shows the correctly resolved IP address alongside the CNAME.

Did I miss something?

Regards
Chris
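To make the two RFC rules the question leans on concrete, here is an added example that is not part of the original post or of any DNS server's code: a small Python model of an authoritative lookup with RFC 4592 wildcard synthesis (closest encloser, then `*.` under it), and of the RFC 1034 section 3.6.2 resolver behaviour of restarting the query at the CNAME target and returning both records. The zone contents (something.tld with `*.app.something.tld` -> 1.2.3.4, plus a constructed `static.app.something.tld` to show where the wildcard stops matching) and the forwarder's CNAME reply are constructed for the example.

```python
"""Toy model of RFC 1034 s3.6.2 (CNAME restart) and RFC 4592 (wildcard synthesis).
Added example, not the thread's or any server's code; all zone data is constructed.
"""
from typing import Dict, List, Optional, Tuple

RR = Tuple[str, str]                    # (rrtype, rdata)
Zone = Dict[str, List[RR]]              # owner name (absolute, trailing dot) -> rrset
Answer = List[Tuple[str, str, str]]     # (owner, rrtype, rdata)

# Constructed: the local primary zone with the wildcard from the question.
LOCAL_ZONE: Zone = {
    "something.tld.": [("SOA", "ns1.something.tld. hostmaster.something.tld. 1 3600 900 604800 300"),
                       ("NS", "ns1.something.tld.")],
    "ns1.something.tld.": [("A", "192.0.2.53")],
    "*.app.something.tld.": [("A", "1.2.3.4")],
    "static.app.something.tld.": [("A", "1.2.3.5")],   # a real name next to the wildcard
}

# Constructed: what the forwarder returns for the zone we are not authoritative for.
UPSTREAM: Dict[str, List[RR]] = {
    "node-1.app.global.tld.": [("CNAME", "node-1.app.something.tld.")],
}


def _parent(name: str) -> Optional[str]:
    """Strip the leftmost label: 'a.b.c.' -> 'b.c.', 'c.' -> '.', '.' -> None."""
    if name == ".":
        return None
    rest = name.split(".", 1)[1]
    return rest or "."


def _apex(zone: Zone) -> str:
    return next(o for o, rrs in zone.items() if any(t == "SOA" for t, _ in rrs))


def _in_zone(zone: Zone, name: str) -> bool:
    apex = _apex(zone)
    return name == apex or name.endswith("." + apex)


def _exists(zone: Zone, name: str) -> bool:
    """A name exists if it owns records or is an empty non-terminal (ancestor of an owner)."""
    if name == ".":
        return True
    return any(o == name or o.endswith("." + name) for o in zone)


def _select(owner: str, rrset: List[RR], qtype: str) -> Answer:
    """A CNAME at the owner is returned for any qtype other than CNAME (RFC 1034 s3.6.2)."""
    cname = [(owner, t, d) for t, d in rrset if t == "CNAME"]
    if cname and qtype != "CNAME":
        return cname
    return [(owner, t, d) for t, d in rrset if t == qtype]


def lookup(zone: Zone, qname: str, qtype: str) -> Tuple[str, Answer]:
    """Authoritative lookup with RFC 4592 wildcard synthesis. Returns (rcode, answer)."""
    qname = qname.lower()
    if not _in_zone(zone, qname):
        return "REFUSED", []
    if qname in zone:                       # exact match: wildcards never apply
        return "NOERROR", _select(qname, zone[qname], qtype)
    if _exists(zone, qname):                # empty non-terminal: NODATA, not a wildcard match
        return "NOERROR", []
    # Closest encloser: the longest existing ancestor of qname (RFC 4592 s3.3.1).
    enc = _parent(qname)
    while enc is not None and not _exists(zone, enc):
        enc = _parent(enc)
    assert enc is not None                  # the apex always exists once _in_zone passed
    wildcard = "*." + enc
    if wildcard not in zone:                # no source of synthesis under the closest encloser
        return "NXDOMAIN", []
    # Synthesis: the wildcard's RRs are returned with the query name as owner.
    return "NOERROR", _select(qname, zone[wildcard], qtype)


def resolve(zone: Zone, upstream: Dict[str, List[RR]], qname: str,
            qtype: str = "A", max_chain: int = 8) -> Tuple[str, Answer]:
    """Recursive behaviour: local zone or forwarder, then restart at each CNAME target."""
    answer: Answer = []
    name = qname.lower()
    for _ in range(max_chain):
        if _in_zone(zone, name):
            rcode, rrs = lookup(zone, name, qtype)
        else:
            rrs = _select(name, upstream.get(name, []), qtype)
            rcode = "NOERROR" if rrs else "NXDOMAIN"
        answer.extend(rrs)
        targets = [d for _, t, d in rrs if t == "CNAME"]
        if not targets or qtype == "CNAME":
            return rcode, answer
        name = targets[0].lower()           # RFC 1034 s3.6.2: restart at the canonical name
    return "SERVFAIL", answer               # chain too long or a CNAME loop


if __name__ == "__main__":
    for q in ("node-1.app.global.tld.", "a.b.app.something.tld.",
              "x.static.app.something.tld.", "app.something.tld."):
        print(q, resolve(LOCAL_ZONE, UPSTREAM, q))
```

Running it shows the answer the question expects (the CNAME followed by a synthesized A record owned by node-1.app.something.tld), and the two cases where a wildcard correctly does not fire: a name under an existing sibling such as static.app.something.tld gets NXDOMAIN, and the empty non-terminal app.something.tld itself gets NODATA. Querying AAAA reproduces an answer section that holds only the CNAME, because the wildcard owner has no AAAA record; that is worth checking with dig or Resolve-DnsName before looking elsewhere.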


2 answers

  1. Limitless Technology 39,331 Reputation points
    2022-01-31T20:43:37.21+00:00

    Hello @Chris Schauer

    Using a CNAME record in DNS presumes that you are pointing to a Fully Qualified Domain Name, as it is a record used to point to canonical names only.

    In your typical case, you are trying to point a CNAME to your domain ’@’, which can only point to an IP. As far as I know that kind of record, I would not use that kind of CNAME in my DNS zone file.

    You can solve this issue in 2 ways:

      • You could point the ‘www’ subdomain to the PTR record of your IP address, and match the FQDN requirements to use a CNAME in your record.
      • You could use a second A record to point your ‘www’ subdomain to the same IP as your domain. This solution is less elegant, as it will need you to update your DNS zone file twice each time an IP changes in your design.

    Hope this helps with your query,

    ----------

    --If the reply is helpful, please Upvote and Accept as answer--


  2. Chris Schauer 1 Reputation point
    2022-02-01T11:52:13.477+00:00

    Hi @Limitless Technology ,

    thanks for your help.

    I'm not sure we have the same view on the issue. The CNAME record comes from another DNS server which I can't manage.
    E.g. node-1.app.global.tld. canonical name: node-1.app.something.tld.

    On my DNS server I want to resolve everything under *.app.something.tld. (wildcard A entry) to one IP. Background: node names might be created dynamically.
