I am trying to set up dnsmasq on my test VM to map calls to *.googleapis.com to *.private.googleapis.com as documented here. I cannot get storage.googleapis.com to resolve to storage.private.googleapis.com through a CNAME record.
My dnsmasq.conf looks like this:
listen-address=::1,127.0.0.1
auth-server=localhost
address=/private.googleapis.com/199.36.153.8
address=/private.googleapis.com/199.36.153.9
address=/private.googleapis.com/199.36.153.10
address=/private.googleapis.com/199.36.153.11
cname=*.googleapis.com,private.googleapis.com
My /etc/resolv.conf:
nameserver 127.0.0.1
nameserver 8.8.4.4
nameserver 8.8.8.8
dig storage.private.googleapis.com
resolves as expected to 199.36.153.8/30 but
dig storage.googleapis.com
does not resolve to the same addresses and is resolved through the public 8.8 name servers.
What am I missing? Thanks a lot in advance.
Answering my own question here. I think dnsmasq may not be the best tool to accomplish this. I created a private zone in BIND with the config below and I was able to access Google Cloud Storage through the private APIs.
On CentOS 7.7 (/var/named/googleapis.com.zone):
$TTL 1D
@ IN SOA node-bind-server.mydomain.com. root.node-bind-server.mydomain.com. (
        2017031301 ; serial
        1D         ; refresh
        1H         ; retry
        1W         ; expire
        3H )       ; minimum
googleapis.com. IN NS node-bind-server.mydomain.com.
; A records for the private.googleapis.com VIP (199.36.153.8/30)
private.googleapis.com. IN A 199.36.153.8
private.googleapis.com. IN A 199.36.153.9
private.googleapis.com. IN A 199.36.153.10
private.googleapis.com. IN A 199.36.153.11
; every other name under googleapis.com is an alias for the private VIP
*.googleapis.com. IN CNAME private.googleapis.com.
My /etc/named.conf references this file:
zone "googleapis.com" IN {
    type master;
    file "googleapis.com.zone";
};
My named version:
[root@node-bind-server etc]# named -v
BIND 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.13 (Extended Support Version) <id:7107deb>
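
A way to confirm that a zone like the one in this answer is actually being used, as an added example that is not part of the original answer: the Python below parses `dig +noall +answer` output, follows the CNAME chain, and flags any name whose final A records fall outside 199.36.153.8/30. The two sample answers are constructed, and 203.0.113.10 is a documentation address standing in for a reply from a public resolver.

```python
import ipaddress

# Range covered by the private.googleapis.com A records shown on this page.
PRIVATE_VIP = ipaddress.ip_network("199.36.153.8/30")

# Constructed samples of `dig +noall +answer storage.googleapis.com` output.
VIA_PRIVATE_ZONE = """\
storage.googleapis.com. 86400 IN CNAME private.googleapis.com.
private.googleapis.com. 86400 IN A 199.36.153.8
private.googleapis.com. 86400 IN A 199.36.153.11
"""
VIA_PUBLIC_DNS = """\
storage.googleapis.com. 300 IN A 203.0.113.10
"""

def parse_answer(text):
    """Split dig answer lines into a CNAME map and per-name A records."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4]
        if rtype == "CNAME":
            cnames[name] = rdata.lower()
        elif rtype == "A":
            addrs.setdefault(name, []).append(ipaddress.ip_address(rdata))
    return cnames, addrs

def check_private(qname, answer_text):
    """Return (ok, detail): ok only if every final A record is in the VIP."""
    cnames, addrs = parse_answer(answer_text)
    name = qname.lower().rstrip(".") + "."
    chain = [name]
    while name in cnames:            # follow aliases, refusing loops
        name = cnames[name]
        if name in chain:
            return False, "CNAME loop at " + name
        chain.append(name)
    ips = addrs.get(name, [])
    if not ips:
        return False, "no A records for " + name
    outside = [str(ip) for ip in ips if ip not in PRIVATE_VIP]
    if outside:
        return False, "outside %s: %s" % (PRIVATE_VIP, ", ".join(outside))
    return True, " -> ".join(chain)

if __name__ == "__main__":
    for label, text in (("private zone", VIA_PRIVATE_ZONE), ("public DNS", VIA_PUBLIC_DNS)):
        print(label, check_private("storage.googleapis.com", text))
```

On a live host, the same check can be fed the real output of `dig +noall +answer` for each API hostname the workload uses.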