When a wildcard domains returns a CNAME then shuffledns seems to pass it on even with -strict-wildcard
root@ip-172-31-36-39:~# echo "hello.catchall.sn1.se" | docker run --rm -i phasip/shuffledns -strict-wildcard -silent
hello.catchall.sn1.se
dig hello.catchall.sn1.se @8.8.8.8
; <<>> DiG 9.16.1-Ubuntu <<>> hello.catchall.sn1.se @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44996
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hello.catchall.sn1.se. IN A
;; ANSWER SECTION:
hello.catchall.sn1.se. 599 IN CNAME localhost.sn1.se.
localhost.sn1.se. 599 IN A 127.0.0.1
;; Query time: 56 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 16 08:14:11 UTC 2020
;; MSG SIZE rcvd: 90