Hi @vcunat,
Sorry for the late reply, but with corona and everything the issues lost a bit of attention. Nevertheless, I still have problems, but maybe my solution is just wrong.
As per your suggestion, I have removed the del/add/insert stuff, and now my config has 3 lines like this:
policy:add(policy.suffix(policy.STUB('192.168.10.50'), policy.todnames({'ad.shadowsrealm.ch'})))
policy:add(policy.suffix(policy.STUB('8.8.8.8'), policy.todnames({'dyndns.org'})))
policy:add(policy.pattern(policy.STUB('8.8.8.8'), 'shadowsrealm\2ch'))
Much cleaner, I have to agree. And what works perfectly are the first and last lines. So, for example, resolving AD1.ad.shadowsrealm.ch returns 192.168.10.50 (yes, the hostname is the same as the machine running the DNS). What also works is anything ending in shadowsrealm.ch, for example freepbx.shadowsrealm.ch, imap.shadowsrealm.ch, etc. Here's an example:
$ nslookup freepbx.shadowsrealm.ch
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: freepbx.shadowsrealm.ch
freepbx.shadowsrealm.ch canonical name = shadowsrealm.ch
Name: shadowsrealm.ch
Address 1: 178.82.30.225
freepbx.shadowsrealm.ch canonical name = shadowsrealm.ch
However, what doesn't work is resolving subdomains of dyndns.org. Here's the example output, this time from "dig" because it shows more info:
; <<>> DiG 9.12.4-P2 <<>> members.dyndns.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38981
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;members.dyndns.org. IN A
;; ANSWER SECTION:
members.dyndns.org. 72215 IN CNAME vip.web1-05-ussnn1.prod.dc.dyndns.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 28 08:10:09 CEST 2020
;; MSG SIZE rcvd: 98
And this CNAME itself is not a valid IP, and anything concerning this hostname just cannot resolve it; for example, trying to ping it results in "ping: bad address 'members.dyndns.org'". I know that the DNS server I have to use actually has some problems like this, so I try to just direct everything that's problematic to Google's DNS resolvers, as with the 2nd rule. And actually, if I do a "dig members.dyndns.org 8.8.8.8" I get a much more detailed output and also an IP.
dig members.dyndns.org 8.8.8.8
; <<>> DiG 9.12.4-P2 <<>> members.dyndns.org 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20927
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;members.dyndns.org. IN A
;; ANSWER SECTION:
members.dyndns.org. 72119 IN CNAME vip.web1-05-ussnn1.prod.dc.dyndns.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 28 08:11:45 CEST 2020
;; MSG SIZE rcvd: 98
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33153
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;8.8.8.8. IN A
;; AUTHORITY SECTION:
. 72165 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020042702 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Apr 28 08:11:45 CEST 2020
;; MSG SIZE rcvd: 111
So this example shows that rule 2, for whatever reason, is not working; otherwise it should have returned the correct answer from Google.
But I have now enabled verbose logs and will send you the logs.
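Added example (not part of the comment above and not Knot Resolver's own code): a small Python model of how the three policy lines select a forwarding target. It assumes what the Knot Resolver documentation states for `policy.suffix()` and `policy.pattern()`, namely that both inspect the query name in DNS wire format (length-prefixed labels), which is why the third rule is written as `'shadowsrealm\2ch'`: a length byte of 2 followed by the label `ch`. The suffix and pattern matching here is a simplified re-implementation for illustration only, and the `select_target()` helper is an assumption of this example, not a resolver API.

```python
"""Model of wire-format name matching behind the three policy rules.

Assumptions (example code, not Knot Resolver's): suffix rules compare the
wire-format query name against wire-format suffixes; pattern rules run an
unanchored search over the wire-format name. First matching rule wins.
"""
import re


def to_wire(name: str) -> bytes:
    """Encode a dotted name as DNS wire format: len-prefixed labels plus root 0.

    Names are lower-cased so that 'AD1.ad.shadowsrealm.ch' and its lower-case
    form compare equal, as DNS names are case-insensitive.
    """
    labels = [l for l in name.rstrip('.').lower().split('.') if l]
    out = b''
    for label in labels:
        raw = label.encode('ascii')
        if not 1 <= len(raw) <= 63:
            raise ValueError(f'bad label length in {name!r}')
        out += bytes([len(raw)]) + raw
    return out + b'\x00'


def suffix_rule(target: str, suffixes):
    """Like policy.suffix(policy.STUB(target), policy.todnames(suffixes))."""
    wires = [to_wire(s) for s in suffixes]

    def match(qname: str):
        w = to_wire(qname)
        # Wire format keeps the label boundary: 'bad.shadowsrealm.ch' does not
        # end with b'\x02ad\x0cshadowsrealm\x02ch\x00'.
        return target if any(w.endswith(s) for s in wires) else None
    return match


def pattern_rule(target: str, pattern: bytes):
    """Like policy.pattern(policy.STUB(target), pattern) on the wire name.

    The Lua string 'shadowsrealm\\2ch' is the bytes b'shadowsrealm\\x02ch';
    a Python bytes regex stands in for the Lua pattern search here.
    """
    rx = re.compile(pattern)

    def match(qname: str):
        return target if rx.search(to_wire(qname)) else None
    return match


# The three rules from the comment, in the order they were added.
RULES = [
    suffix_rule('192.168.10.50', ['ad.shadowsrealm.ch']),
    suffix_rule('8.8.8.8', ['dyndns.org']),
    pattern_rule('8.8.8.8', b'shadowsrealm\x02ch'),
]


def select_target(qname: str, rules=RULES):
    """Return the STUB target of the first rule that matches, or None.

    None means no rule applies and the resolver would recurse normally.
    """
    for rule in rules:
        hit = rule(qname)
        if hit is not None:
            return hit
    return None


if __name__ == '__main__':
    for q in ('AD1.ad.shadowsrealm.ch', 'freepbx.shadowsrealm.ch',
              'members.dyndns.org', 'bad.shadowsrealm.ch',
              'shadowsrealm.ch.example.net', 'example.com'):
        print(f'{q:32} -> {select_target(q)}')
```

Two things the model makes visible: the suffix rules respect label boundaries because the length byte is part of the comparison, so `bad.shadowsrealm.ch` does not fall under the `ad.shadowsrealm.ch` rule; and the pattern rule is an unanchored search, so a name such as `shadowsrealm.ch.example.net` also matches it. If only names ending in the zone are meant, a `policy.suffix()` rule is the tighter choice.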