Issue with resolving hostname when using Turris resolver

Hello, I would like to know, why Turris DNS resolver does not resolve correctly domain name (DNS forwarding is switched off, when switched on, it works correctly).

;; ANSWER SECTION:        38400   IN      CNAME

When using Google’s DNS it looks like this:

dig @
;; ANSWER SECTION:        10260   IN      CNAME     10260   IN      A

I mean the Turris DNS resolution is OK. You are asking for and correct answer is not the IP address but the name Reason is the is CNAME (i.e. alias) DNS record. It is not A-record.
Google DNS automatically appends second answer for supposed (but not sent!!!) next request:
What is IP address for

DNS normal resolution procedure:

  1. Client (e.g. web browser) sends DNS request: What is IP for
  2. DNS server sends back a response: (The record is CNAME)
  3. Client sends DNS request: What is IP for
  4. DNS server sends back a response:


dig  +trace
dig  @  +trace

DNS fault would be if your router does not send response for request:
What is IP for

Thank you for the explanation, but where is the issue then? When I set Turris DNS resolver, it won’t open the page IP address for is mentioned above -

seems like almost every public resolver includes the a-record in the answer for the cname.

but on a quick look i have not found a option for unbound/knot which would enable this.
you probably have to switch to dns-forwarding with dnsmasq for now, if you depend on this behavior.

That resolution is not OK, as following the CNAME is a mandatory part of recursive service.

@riham (or anyone else reproducing this) I’m unable to reproduce this particular problem locally, even with knot-resolver-1.1.1. Do you have any non-standard resolver settings? Does it still (sometimes) fail? I wonder if something around NS might’ve changed in the meantime.

As the case seems rather similar to Domény třetího řádu , I’d hope that our recent changes also fix your problem (not released yet).