fonts.gstatic.com wrong record lookup
I noticed a domain, which is getting a A and AAAA record as a lookup, but is normally a CNAME record. As CNAME Flatting is disabled for my configuration, so i think this is a bug.
Normally this would be the request:
dig CNAME +additional fonts.gstatic.com. @188.8.131.52 ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.8 <<>> CNAME +additional fonts.gstatic.com. @184.108.40.206 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54410 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;fonts.gstatic.com.INCNAME ;; ANSWER SECTION: fonts.gstatic.com.285INCNAMEgstaticadssl.l.google.com. ;; Query time: 21 msec ;; SERVER: 220.127.116.11#53(18.104.22.168) ;; WHEN: Sun Aug 29 08:01:37 2021 ;; MSG SIZE rcvd: 71
But the cname domain is not looked up at NextDNS:
I think its a generell problem with cnames since I have tested more CNAME records and all result in this. The problem with this is, that cname blocking isn't working correctly. "gstaticadssl.l.google.com." is on every energized list. So far it should be blocked, if you have picked the list. Currently it doesn't block.
Thanks for the clarification. That was new for me. Then there is still a but with cname blocking and energized lists. "gstaticadssl.l.google.com" is still on the blocklists and is a cname of "fonts.gstatic.com". And it is not blocked if I choose one of the energized lists. i would expect the cname blocking to work in this case.