# Using ALIAS records
The ALIAS record provides a way to have CNAME-like behaviour on the zone apex.
-In order to correctly serve ALIAS records, set the [`resolver`](settings.md#resolver)
-setting to an existing resolver:
+In order to correctly serve ALIAS records, set the [`resolver`](settings.md#resolver) setting to an existing resolver and enable [`expand-alias`](settings.md#expand-alias):
```
resolver=[::1]:5300
+expand-alias=yes
```
and add the ALIAS record to your zone apex. e.g.:
or should not look up the addresses themselves. Note that slaves will not
automatically follow changes in those A/AAAA records unless you AXFR regularly.
+**note:** The `expand-alias` setting does not exist in PowerDNS Authoritative Server 4.0.x.
+Hence, ALIAS records are always expanded on a direct A or AAAA query.
+
## ALIAS and DNSSEC
Starting with the PowerDNS Authoritative Server 4.0.0, DNSSEC 'washing' of ALIAS
records is supported on AXFR (**not** on live-signing). Set `outgoing-axfr-expand-alias`
Entropy source file to use.
+## `expand-alias`
+* Boolean
+* Default: no
+* Since: 4.1.0
+
+If this is enabled, ALIAS records are expanded (synthesised to their A/AAAA).
+
+If this is disabled (the default), ALIAS records will not expanded and the server will will return NODATA for A/AAAA queries for such names.
+
+**note**: [`resolver`](#resolver) must also be set for ALIAS expansion to work!
+
+**note**: In PowerDNS Authoritative Server 4.0.x, this setting did not exist and ALIAS was always expanded.
+
## `forward-dnsupdate`
* Boolean
* Default: no
::arg().set("include-dir","Include *.conf files from this directory");
::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
+ ::arg().setSwitch("expand-alias", "Expand ALIAS records")="no";
::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no";
{
++s_count;
d_doDNAME=::arg().mustDo("dname-processing");
+ d_doExpandALIAS = ::arg().mustDo("expand-alias");
d_logDNSDetails= ::arg().mustDo("log-dns-details");
d_doIPv6AdditionalProcessing = ::arg().mustDo("do-ipv6-additional-processing");
string fname= ::arg()["lua-prequery-script"];
weRedirected=1;
if(DP && rr.dr.d_type == QType::ALIAS && (p->qtype.getCode() == QType::A || p->qtype.getCode() == QType::AAAA || p->qtype.getCode() == QType::ANY)) {
+ if (!d_doExpandALIAS) {
+ L<<Logger::Info<<"ALIAS record found for "<<target<<", but ALIAS expansion is disabled."<<endl;
+ continue;
+ }
haveAlias=getRR<ALIASRecordContent>(rr.dr)->d_content;
}
bool d_logDNSDetails;
bool d_doIPv6AdditionalProcessing;
bool d_doDNAME;
+ bool d_doExpandALIAS;
std::unique_ptr<AuthLua> d_pdl;
std::unique_ptr<AuthLua4> d_update_policy_lua;
$RUNWRAPPER $PDNS --daemon=no --local-port=$port --config-dir=. \
--config-name=$backend --socket-dir=./ --no-shuffle \
--dnsupdate=yes --resolver=8.8.8.8 --outgoing-axfr-expand-alias=yes \
+ --expand-alias=yes \
--cache-ttl=$cachettl --dname-processing \
--disable-axfr-rectify=yes $lua_prequery &
projects / pdns / commitdiff