Firewall --> Aliases --> Hosts does not follow CNAMEs

[Kornelius777]

Important notices

Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
• I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue

Describe the bug

My Alias "Debian Update Servers" consists of those servers which are strictly necessary for performing Debian Updates.
Among these Server Names, there is e.g. "deb.debian.org" which is a CNAME for "debian.map.fastlydns.net".
Unfortunately, entering deb.debian.org into the Hosts List isn't sufficient. To make it accessible to my servers, I also had to add debian.map.fastlydns.net.

To Reproduce

Steps to reproduce the behavior:

1. Go to 'Firewall --> Aliases'
2. Add Alias, Type Hotst(s)
3. Add hostname (e.g. deb.debian.org) which resolves as a CNAME
4. Access e.g. deb.debian.org. (will be blocked)

Expected behavior

I would expect the alias to dive into the CNAMES and resolve the whole chain.

Describe alternatives you considered

The only workaround for me (currently) is: Do a nslookup for every hostname and add the "final" hostname from the CNAME chain into the alias, additionally

Screenshots

none

Relevant log files

none

Additional context

none

Environment

Software version used and hardware type if relevant, e.g.:

OPNsense 24.7.11_2-amd64

[AdSchellevis]

cnames being are resolved, but if there's more [dns] magic in between you might not receive the same entries on every request.

core/src/opnsense/scripts/filter/lib/alias/base.py

Lines 133 to 135 in f163484

	if addr.rdtype is RdataType.CNAME:
	# query cname (recursion)
	self._request_queue.append(addr.target)