Non-wildcard DNS Rewrites

Unless I am missing it, it doesn't appear possible to set non-wildcard entries in the DNS rewrites section, meaning that all subdomains of whatever is entered here are rewritten.

It would be useful if you were able to set whether it is a wildcard or not, so there is the option of only responding to the exact domain with the rewrite, or all subdomains under it.

  • Do you have a specific use-case where wildcard is not appropriate?

      • Adrian
      • 8 mths ago

      NextDNS Hi there, yes, though it's probably a bit niche to be fair -

      I'm trying to work around an issue with a TV supplier, Sky (big company, can't even get them to acknowledge the issue).

      Essentially, they provide on-demand video and to do that they select between two CDNs, one of which works well and the other is terrible.

      The CDN is selected with a lookup to cdn.sky.com - not sure what criteria they're using to select it but unfortunately the crap one comes up most often.

      So I am rewriting the cname at cdn.sky.com to point to the good CDN.

      However, for other things they use subdomains of cdn.sky.com, an example being a561.hsar.cdn.sky.com - obviously with wildcard rewriting this now points to wherever cdn.sky.com is set.

      It does work if I also manually specify a561.hsar.cdn.sky.com to go where it should, but that's just one example of many - they appear to be using the entire a500-a600 range, so not really practical to add every possible one.

    • Adrian seems like the cdn.sky.com entry is a CNAME chain, you may want to try rewriting one of the CNAMEs in that chain that drive to the "bad" CDN to the CNAME target of the "good" one. This way you won't be rewriting all the cdn.sky.com subdomains but still achieve your intent.

      • Adrian
      • 8 mths ago

      NextDNS Yeah I gave that a go by rewriting ondemand.cdnselector.skycdp.com to cdn.sky.akadns.net, but it doesn't seem to work when I look up cdn.sky.com, so I assumed the rewrite feature doesn't pick up CNAMEs further down the chain?

    • Adrian it should. I just tried it and it worked.

      • Adrian
      • 8 mths ago

      NextDNS Hmmm strange, I have it set like this...

       

       

      But dig shows this

       

      (most of the time - it does sometimes show cdn.sky.akadns.net, I'm assuming that's via the normal operation of whatever load balancing config they have set up)

      If I lookup ondemand.cdnselector.skycdp.com directly using dig then it does change the response as expected, but unfortunately I can't change the endpoint that the device itself tries to use, so it needs to work via cdn.sky.com

  • Another use case for this request, I have a Traefik container on the network that generates certificates using Let's Encrypt. It has the DNS challenge provider set, which creates verify DNS records like this "_verify.record.domain.com".
    Any rewrites that are created for this "record.domain.com" address will automatically reply for the _verify subdomain, which breaks the DNS challenge, which breaks the certificate issuance.

    From my pre-existing firewall DNSMasq overrides, I used to add "host-record=record.domain.com" rather than the wildcard style syntax "address=record.domain.com".

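
The two matching modes asked for in this thread, as an added example that is not part of the original posts and is not NextDNS's or dnsmasq's code: a small model of a rewrite table where each rule is either exact or covers the whole subtree. The names `Rewrite` and `lookup` are hypothetical, `192.0.2.10` is a constructed documentation address, and "most specific rule wins" is an assumption modelled on the per-host override described above.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rewrite:
    name: str      # domain the rule is written for
    answer: str    # rewritten answer (IP or CNAME target)
    subtree: bool  # True: name and every subdomain; False: exact name only


def _labels(name: str) -> tuple:
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return tuple(name.rstrip(".").lower().split("."))


def lookup(qname: str, rules: list) -> Optional[str]:
    """Return the rewritten answer for qname, or None to resolve upstream."""
    q = _labels(qname)
    best = None
    for rule in rules:
        r = _labels(rule.name)
        exact = q == r
        # Compare whole labels so "notcdn.sky.com" never matches "cdn.sky.com".
        below = len(q) > len(r) and q[-len(r):] == r
        if exact or (rule.subtree and below):
            # Assumption: the most specific (longest) rule wins, so a
            # per-host override beats a broader rule above it.
            if best is None or len(r) > len(_labels(best.name)):
                best = rule
    return best.answer if best else None


# Constructed sample rules using the names discussed in the thread.
WILDCARD = [Rewrite("cdn.sky.com", "cdn.sky.akadns.net", True),
            Rewrite("record.domain.com", "192.0.2.10", True)]
EXACT = [Rewrite(r.name, r.answer, False) for r in WILDCARD]

if __name__ == "__main__":
    for q in ("cdn.sky.com", "a561.hsar.cdn.sky.com",
              "_verify.record.domain.com", "notcdn.sky.com"):
        print(f"{q:28} wildcard={lookup(q, WILDCARD)!s:20} exact={lookup(q, EXACT)}")
```

With subtree rules the `_verify.record.domain.com` query is answered locally, so a DNS challenge record published upstream is never seen; with exact rules it falls through to the upstream resolver.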