CNAME flattening still applied after being disabled
I've disabled CNAME flattening yesterday in my setups. The setting unfortunately is not applied to my configuration and the names (at least one, haven't check others) is still flattened:
coen:~> dig @2a07:a8c0::ba:1892 ad.doubleclick.net
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> @2a07:a8c0::ba:1892 ad.doubleclick.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ad.doubleclick.net. IN A
;; ANSWER SECTION:
ad.doubleclick.net. 296 IN A 216.58.214.70
;; Query time: 8 msec
;; SERVER: 2a07:a8c0::ba:1892#53(2a07:a8c0::ba:1892)
;; WHEN: pią lut 25 09:16:17 CET 2022
;; MSG SIZE rcvd: 63
To compare, this is what Cloudflare DNS reports:
coen:~> dig @1.1.1.1 ad.doubleclick.net
; <<>> DiG 9.11.26-RedHat-9.11.26-6.el8 <<>> @1.1.1.1 ad.doubleclick.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6889
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;ad.doubleclick.net. IN A
;; ANSWER SECTION:
ad.doubleclick.net. 86394 IN CNAME dart.l.doubleclick.net.
dart.l.doubleclick.net. 294 IN A 216.58.212.230
;; Query time: 5 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: pią lut 25 09:16:26 CET 2022
;; MSG SIZE rcvd: 84
Please fix as I still need DNSSEC and it breaks it even for ALLOWED services. And no, DoT/DoH is not an option here.
Reply
Content aside
- 2 yrs agoLast active
- 148Views
-
3
Following