[openstack-dev] [neutron][dnsmasq]DNS redirection by dnsmasq

Carl Baldwin carl at ecbaldwin.net
Thu Feb 18 22:22:28 UTC 2016


On Tue, Feb 16, 2016 at 11:55 PM, Zhi Chang <changzhi at unitedstack.com> wrote:
> DNS redirection is our customer's needs. Customer has their own CDN. They
> want to save traffic in CDN so that they can cost less money.
> So they let us hijack some domain names. We used dnsmasq "--cname" option to
> satisfy their needs. So I think that maybe we can add
> "cnames" into subnet's attributes.

So, you add a CNAME for something like mycdn.somedomain.com and send
it somewhere local.  Is that what you mean by hijack?  Could you
provide a contrived example of how one of these CNAMEs might look?

Right now, you might be able to accomplish this by pointing dnsmasq to
your own upstream DNS resolvers which have the CNAMEs.  Or, do the
CNAMEs need to be tenant/network specific?  You could also bypass
dnsmasq by setting the dns servers on the subnets to go to some
external server.

> BTW, I'm not quite understand about "--cname is limited to target names
> known by dnsmasq itself". Could you give me some explanation about it?

>From the dnsmasq man page:

--cname=<cname>,<target>

Return a CNAME record which indicates that <cname> is really <target>.
There are significant limitations on the target; it must be a DNS name
which is known to dnsmasq from /etc/hosts (or additional hosts files),
from DHCP, from --interface-name or from another --cname. If the
target does not satisfy this criteria, the whole cname is ignored. The
cname must be unique, but it is permissable to have more than one
cname pointing to the same target.

Carl



More information about the OpenStack-dev mailing list