DNS Forwarder and CNAMEs (again)



  • I know there have been multiple threads about this in the past and I understand why this hasn't been done, so I'm not asking for CNAME support in the DNS Forwarder. (I'd use TinyDNS but the recursive server doesn't seem to be working and Unbound doesn't quite do it for me either.)

    However, CNAMEs are really convenient for certain setups (like mine) and I'd like to suggest an alternative. FWIW, I currently have multiple servers running on my internal LAN and they each host a number of services; I use subdomains for each service so I can move services about as needed without reconfiguring clients. This means that each machine has a number of aliases. With my old DNS server I simply had a number of CNAMEs; with pfSense I have to have multiple host overrides, each setting the same IP. With both IPv4 and IPv6 this adds a lot of management burden.

    My suggestion is to add an "Aliases" section to the DNS forwarder UI, essentially the equivalent of specifying a CNAME, but under the hood the system could resolve the aliases at save time and simply write all the raw host entries into /etc/hosts (both IPv4 and IPv6 entries as appropriate). This keeps the current DNS forwarder functionality but simplifies host management.

    For example, if I have the overrides:
    one.local: 192.168.1.1
    one.local: 2001:470:1234::1
    two.local: 192.168.1.2
    two.local: 2001:470:1234::2

    and the aliases:
    mail.local: one.local
    www.local: one.local
    svn.local: two.local

    then /etc/hosts would contain:
    192.168.1.1 one.local
    192.168.1.1 mail.local
    192.168.1.1 www.local
    2001:470:1234::1 one.local
    2001:470:1234::1 mail.local
    2001:470:1234::1 www.local
    192.168.1.2 two.local
    192.168.1.2 svn.local
    2001:470:1234::2 two.local
    2001:470:1234::2 svn.local

    This is obviously a simplified and trivial example, but for complex setups it would make management a whole lot simpler and less error-prone.


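The save-time expansion proposed in the post above, as an added example (not part of the original post and not pfSense code): it turns host overrides plus aliases into flat hosts-file entries, using the post's own sample data. The names `expand_aliases` and `render` are hypothetical, and the example goes beyond the post by following alias-to-alias chains and rejecting malformed addresses, alias loops, aliases whose target has no override, and names defined as both an override and an alias.

```python
import ipaddress

# Sample data taken from the post's example.
SAMPLE_OVERRIDES = [
    ("one.local", "192.168.1.1"), ("one.local", "2001:470:1234::1"),
    ("two.local", "192.168.1.2"), ("two.local", "2001:470:1234::2"),
]
SAMPLE_ALIASES = {"mail.local": "one.local", "www.local": "one.local",
                  "svn.local": "two.local"}

def expand_aliases(overrides, aliases):
    """Return (ip, hostname) pairs for the hosts file; ValueError on bad input."""
    hosts = {}  # hostname -> validated addresses, in the order they were given
    for name, ip in overrides:
        addr = ipaddress.ip_address(ip)  # raises ValueError if malformed
        hosts.setdefault(name.lower(), []).append(addr)
    alias_map = {a.lower(): t.lower() for a, t in aliases.items()}

    def resolve(alias):
        # Follow the alias chain until a name with a real override is reached.
        seen, name = [], alias
        while name not in hosts:
            if name in seen:
                raise ValueError("alias loop: " + " -> ".join(seen + [name]))
            if name not in alias_map:
                raise ValueError(f"{alias}: target {name} has no override")
            seen.append(name)
            name = alias_map[name]
        return name

    by_host = {}  # override hostname -> aliases that end up pointing at it
    for alias in alias_map:
        if alias in hosts:
            raise ValueError(f"{alias} is both an override and an alias")
        by_host.setdefault(resolve(alias), []).append(alias)

    entries = []
    for name, addrs in hosts.items():
        for addr in addrs:  # one line per address per name, IPv4 and IPv6 alike
            for hostname in [name] + by_host.get(name, []):
                entries.append((str(addr), hostname))
    return entries

def render(entries):
    """Format the pairs as hosts-file lines."""
    return "\n".join(f"{ip} {hostname}" for ip, hostname in entries)

if __name__ == "__main__":
    print(render(expand_aliases(SAMPLE_OVERRIDES, SAMPLE_ALIASES)))
```

Run on the sample data it produces the same ten lines, in the same order, as the /etc/hosts listing in the post.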