Subdomain resolution with 1.1.1.1


#1

We recently switched our setup to use 1.1.1.1 as our main DNS. We have a somewhat atypical DNS setup and we noticed that requests to sub3.sub2.sub1.oursite.com through 1.1.1.1 get routed to us as sub1.oursite.com (discarding anything before sub1). At the same time, 8.8.8.8 and most other DNS services do forward the entire request.

e.g. dig sub3.sub2.sub1.oursite.com @1.1.1.1 results in a sub1.oursite.com request on our internal DNS
e.g. dig sub3.sub2.sub1.oursite.com @8.8.8.8 results in a sub3.sub2.sub1.oursite.com request on our internal DNS

Would you be able to point me to some resource as to why this is happening with 1.1.1.1 and how that can be mitigated?


#2

Yes! We’re using DNS Query Name Minimisation and it is described in more detail here:


By only using DNS Query Name Minimisation, defined in RFC 7816, the DNS resolver 1.1.1.1 reduces the information leaked to intermediary DNS servers, like the root and TLDs. That means that the DNS resolver 1.1.1.1 sends just enough of the name for the authority to tell the resolver where to ask the next question.

And we are using the Knot Resolver mentioned in https://tools.ietf.org/html/rfc7816
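The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python model comparing the query names each server on the delegation path receives from a non-minimising resolver and from one that minimises as RFC 7816 describes. The delegation map, the server labels and the helper names are assumptions made for illustration; the model ignores caching and assumes every server answers intermediate names without error.

```python
# Constructed delegation map: zone apex -> operator of its name servers.
# Assumption: "oursite.com." is served by the poster's internal DNS and has
# no further delegations below it.
ZONE_CUTS = {
    ".": "root",
    "com.": "com TLD",
    "oursite.com.": "internal DNS",
}

def _suffixes(qname):
    """Yield 'com.', 'oursite.com.', ... up to the full query name."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1, -1, -1):
        yield ".".join(labels[i:]) + "."

def classic_queries(qname, qtype="A", cuts=ZONE_CUTS):
    """Non-minimising resolver: every server on the path sees the full name."""
    full = qname.rstrip(".").lower() + "."
    path = [cuts["."]] + [cuts[s] for s in _suffixes(qname) if s in cuts]
    return [(server, full, qtype) for server in path]

def minimised_queries(qname, qtype="A", cuts=ZONE_CUTS):
    """RFC 7816 style: one more label per step, QTYPE=NS until the last step."""
    full = qname.rstrip(".").lower() + "."
    server, sent = cuts["."], []
    for name in _suffixes(qname):
        sent.append((server, name, qtype if name == full else "NS"))
        if name in cuts:  # referral: continue at the child zone's servers
            server = cuts[name]
    return sent

def seen_by(server, queries):
    """Query names that one server received, in order."""
    return [name for srv, name, _ in queries if srv == server]

if __name__ == "__main__":
    target = "sub3.sub2.sub1.oursite.com"
    for title, fn in (("classic", classic_queries), ("minimised", minimised_queries)):
        print(title)
        for server, name, qtype in fn(target):
            print(f"  {server:<13} <- {name} {qtype}")
```

In this model the first name the internal DNS receives from the minimising resolver is sub1.oursite.com., and the full name only arrives in a later query, which is why a server that logs or routes on the first query sees a shortened name.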


#3

Perfect. This is exactly what I’ve been looking for. Thanks!

