I have verified the fix using systemd 245.4-4ubuntu3.23 from focal-proposed.
On the host, I have a Focal container, and killed the existing DNS servers:
nr@clean-jammy-amd64:~$ lxc list +-------+---------+------+----------------------------------------------+-----------+-----------+ | NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS | +-------+---------+------+----------------------------------------------+-----------+-----------+ | focal | RUNNING | | fd42:b04:cc58:1a82:216:3eff:fe28:d8d9 (eth0) | CONTAINER | 0 | +-------+---------+------+----------------------------------------------+-----------+-----------+ nr@clean-jammy-amd64:~$ systemctl stop systemd-resolved nr@clean-jammy-amd64:~$ kill -9 $(pgrep dnsmasq)
Then, I start a new DNS server with a record which contains 10 CNAME redirects:
nr@clean-jammy-amd64:~$ sudo dnsmasq --cname=test10.lan,test9.lan --cname=test9.lan,test8.lan --cname=test8.lan,test7.lan --cname=test7.lan,test6.lan --cname=test6.lan,test5.lan --cname=test5.lan,test4.lan --cname=test4.lan,test3.lan --cname=test3.lan,test2.lan --cname=test2.lan,test1.lan --cname=test1.lan,test0.lan -k -i lxdbr0 -z -I lo --host-record=test0.lan,192.168.122.143
...
In the container, I have systemd installed from focal-proposed, and I was able to successfully make the query despite more than 8 CNAME redirects:
root@focal:~# apt policy systemd systemd: Installed: 245.4-4ubuntu3.23 Candidate: 245.4-4ubuntu3.23 Version table: *** 245.4-4ubuntu3.23 500 500 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages 100 /var/lib/dpkg/status 245.4-4ubuntu3.22 500 500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 245.4-4ubuntu3.20 500 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 245.4-4ubuntu3 500 500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages root@focal:~# resolvectl query test10.lan test10.lan: 192.168.122.143 -- link: eth0 (test0.lan)
-- Information acquired via protocol DNS in 70.3ms. -- Data is authenticated: no
I have verified the fix using systemd 245.4-4ubuntu3.23 from focal-proposed.
On the host, I have a Focal container, and killed the existing DNS servers:
nr@clean- jammy-amd64: ~$ lxc list -+----- ----+-- ----+-- ------- ------- ------- ------- ------- ------- --+---- ------- +------ -----+ -+----- ----+-- ----+-- ------- ------- ------- ------- ------- ------- --+---- ------- +------ -----+ cc58:1a82: 216:3eff: fe28:d8d9 (eth0) | CONTAINER | 0 | -+----- ----+-- ----+-- ------- ------- ------- ------- ------- ------- --+---- ------- +------ -----+ jammy-amd64: ~$ systemctl stop systemd-resolved jammy-amd64: ~$ kill -9 $(pgrep dnsmasq)
+------
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+------
| focal | RUNNING | | fd42:b04:
+------
nr@clean-
nr@clean-
Then, I start a new DNS server with a record which contains 10 CNAME redirects:
nr@clean- jammy-amd64: ~$ sudo dnsmasq --cname= test10. lan,test9. lan --cname= test9.lan, test8.lan --cname= test8.lan, test7.lan --cname= test7.lan, test6.lan --cname= test6.lan, test5.lan --cname= test5.lan, test4.lan --cname= test4.lan, test3.lan --cname= test3.lan, test2.lan --cname= test2.lan, test1.lan --cname= test1.lan, test0.lan -k -i lxdbr0 -z -I lo --host- record= test0.lan, 192.168. 122.143
...
In the container, I have systemd installed from focal-proposed, and I was able to successfully make the query despite more than 8 CNAME redirects:
root@focal:~# apt policy systemd archive. ubuntu. com/ubuntu focal-proposed/main amd64 Packages dpkg/status 4-4ubuntu3. 22 500 archive. ubuntu. com/ubuntu focal-updates/main amd64 Packages 4-4ubuntu3. 20 500 security. ubuntu. com/ubuntu focal-security/main amd64 Packages archive. ubuntu. com/ubuntu focal/main amd64 Packages
(test0. lan)
systemd:
Installed: 245.4-4ubuntu3.23
Candidate: 245.4-4ubuntu3.23
Version table:
*** 245.4-4ubuntu3.23 500
500 http://
100 /var/lib/
245.
500 http://
245.
500 http://
245.4-4ubuntu3 500
500 http://
root@focal:~# resolvectl query test10.lan
test10.lan: 192.168.122.143 -- link: eth0
-- Information acquired via protocol DNS in 70.3ms.
-- Data is authenticated: no