Skip to content

Wildcard A record is also returned when looking up a specific CNAME #1950

New issue
New issue
Open
Open
Wildcard A record is also returned when looking up a specific CNAME#1950
Labels
bugSomething isn't working
@Munchungus

Description

@Munchungus
Munchungus
opened on Nov 17, 2025

Describe the bug
When you have a wildcard A record and a CNAME pointing to a non-wildcard A record all in the same DNS zone, Gravity returns the results of both the wildcard A record and the non-wildcard A record when looking up the CNAME. As I understand it only the non-wildcard A record result should be returned in this case since the CNAME is a more specific match.

Note this issue is specifically with CNAMEs. Looking up a more specific A record returns only the IP of that record as expected.

To Reproduce
Steps to reproduce the behavior:

  1. Create a wildcard A record (e.g. *.example.com. with IP 192.168.0.252)
  2. Create a non-wildcard A record (e.g. service1.example.com. with IP 192.168.0.251)
  3. Create a CNAME record pointing to the non-wildcard A record (e.g. service2.example.com. pointing to service1.example.com.)
  4. Lookup the CNAME
  5. Both the wildcard A record and non-wildcard A record results are returned.

Expected behavior
Only the result of the non-wildcard A record should be returned when looking up the CNAME.

Screenshots
Querying the CNAME:

$ nslookup service2.example.com.
Server:         192.168.0.250
Address:        192.168.0.250#53

Non-authoritative answer:
Name:   service2.example.com
Address: 192.168.0.252
service2.example.com    canonical name = service1.example.com.
Name:   service1.example.com
Address: 192.168.0.251

Querying the non-wildcard A record:

$ nslookup service1.example.com.
Server:         192.168.0.250
Address:        192.168.0.250#53

Non-authoritative answer:
Name:   service1.example.com
Address: 192.168.0.251

Logs

{"level":"info","ts":1763255686.0002294,"logger":"role.dns","msg":"DNS Query","instance":"","version":"0.28.7","runtime":8,"client":"192.168.0.205","response":"NOERROR","queryNames":["service2.example.com."],"queryTypes":["A"],"answerRecords":["192.168.0.252","service1.example.com.","192.168.0.251"],"answerTypes":["A","CNAME","A"]}
{"level":"info","ts":1763255686.0326798,"logger":"role.dns","msg":"DNS Query","instance":"","version":"0.28.7","runtime":30,"client":"192.168.0.205","response":"NOERROR","queryNames":["service1.example.com."],"queryTypes":["AAAA"],"answerRecords":[],"answerTypes":[]}

Version and Deployment (please complete the following information):

  • Gravity version: 0.28.7
  • Deployment: kubernetes deployment with external etcd

Additional context
Add any other context about the problem here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions