I'm trying to setup safe search on duckduckgo.com. According to their documentation here, I should add an alias for duckduckgo.com, pointing to safe.duckduckgo.com.
I'm thinking on doing this using a CNAME. However, I see my config only works for local domains, and it's not working with domains from upstream DNS servers.
This is my dnsmasq config:
root@OpenWrt:~# uci show dhcp.dnsmasq_kids
dhcp.dnsmasq_kids=dnsmasq
dhcp.dnsmasq_kids.domainneeded='1'
dhcp.dnsmasq_kids.localise_queries='1'
dhcp.dnsmasq_kids.rebind_protection='1'
dhcp.dnsmasq_kids.expandhosts='1'
dhcp.dnsmasq_kids.readethers='1'
dhcp.dnsmasq_kids.nonwildcard='1'
dhcp.dnsmasq_kids.localservice='1'
dhcp.dnsmasq_kids.local='/lan/'
dhcp.dnsmasq_kids.domain='lan'
dhcp.dnsmasq_kids.interface='kids'
dhcp.dnsmasq_kids.notinterface='loopback'
dhcp.dnsmasq_kids.authoritative='1'
dhcp.dnsmasq_kids.addnhosts='/etc/hosts.d'
dhcp.dnsmasq_kids.logqueries='1'
dhcp.dnsmasq_kids.server='208.67.222.123' '208.67.220.123'
root@OpenWrt:~# uci show dhcp.cname_duck
dhcp.cname_duck=cname
dhcp.cname_duck.cname='duckduckgo.com'
dhcp.cname_duck.target='safe.duckduckgo.com'
With this config, CNAME doesn't seems to work:
user@pc:~$ dig +noall +answer duckduckgo.com A @192.168.201.1
duckduckgo.com. 19 IN A 107.20.240.232
However, if i make this change:
root@OpenWrt:~# uci show dhcp.cname_duck
dhcp.cname_duck=cname
dhcp.cname_duck.cname='duckduckgo.com'
dhcp.cname_duck.target='openwrt.lan'
Then it works:
user@pc:~$ dig +noall +answer duckduckgo.com A @192.168.201.1
duckduckgo.com. 0 IN CNAME OpenWrt.lan.
OpenWrt.lan. 0 IN A 192.168.201.1
I'm using OpenWrt 18.06.8.
Any suggestion about what to do to implement this kind of aliases?