wildcard and subdomain wildcard leaves a gap
Erik Rozendaal
erik at NLnetLabs.nl
Wed Jan 28 08:28:14 UTC 2004
Phil Howard wrote:
> I've been using wildcards in one of my domains for a while, and recently
> even added a TXT record for SPF as a wildcard:
>
> For ham.org:
>
> * 12h IN A 209.102.192.73
> * 12h IN AAAA ::FFFF:209.102.192.73
> * 12h IN TXT "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"
> [...cut...]
> *.foo 2h IN A 209.102.192.64
> *.foo 2h IN AAAA ::FFFF:209.102.192.64
> *.foo 2h IN MX 0 .
> *.foo 2h IN TXT "v=spf1 -all"
> *.spf 1h IN A 209.102.192.74
> *.spf 1h IN AAAA ::FFFF:209.102.192.74
> *.spf 1h IN MX 0 .
> *.spf 1h IN TXT "v=spf1 -all"
> [...cut...]
> However, when I query just foo.ham.org I get nothing. The *.foo stuff
> does not match (I didn't expect it to), but the * stuff does not match,
> either (I expected that if it would not match *.foo it would at least
> fall back to match *).
This is expected behavior. When you define *.foo you also implicitly
define foo (as an empty non-terminal). This will match a query to
foo.ham.org but will not have any data to match with so you get an empty
answer.
The same kind of stuff happens when you define:
* IN TXT "wildcard text"
foo IN A 127.0.0.1
A query for <foo, IN, TXT> will _not_ match the wildcard text record.
You'll get a "no TXT record at foo" error instead.
This is all explained pretty well in the wildcard clarify draft document,
which the NSD algorithm is based on. You can find the document at
<URL:http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-02.txt>
Erik
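
The lookup rule described in the reply above, as an added example that is not part of the original message and not NSD's code: a name that exists only as an empty non-terminal answers with no data and never falls back to a wildcard. The function names, the shortened top-level TXT value and the "mail" host are assumptions constructed for the illustration.

```python
# Added example: wildcard lookup with empty non-terminals (ENTs).
# Zone contents are constructed, modelled on the records quoted in the thread.
def labels(name):
    return tuple(name.lower().rstrip(".").split("."))

def build_zone(origin, records):
    """records: (relative owner, type, rdata). Returns (apex, rrsets, names)."""
    apex = labels(origin)
    rrsets, names = {}, {apex}
    for owner, rtype, rdata in records:
        fq = labels(owner) + apex
        rrsets.setdefault(fq, {}).setdefault(rtype, []).append(rdata)
        # Every ancestor of an owner name exists as well, even with no data
        # of its own: that is how *.foo creates the empty non-terminal foo.
        for i in range(len(fq) - len(apex)):
            names.add(fq[i:])
    return apex, rrsets, names

def lookup(zone, qname, qtype):
    apex, rrsets, names = zone
    q = labels(qname)
    if q[-len(apex):] != apex:
        raise ValueError("qname is outside the zone")
    if q in names:
        # The name exists (possibly as an ENT), so no wildcard is consulted.
        data = rrsets.get(q, {}).get(qtype)
        return ("ANSWER", data) if data else ("NODATA", None)
    # Closest encloser: the longest existing ancestor of the query name.
    i = 1
    while q[i:] not in names:
        i += 1
    wild = ("*",) + q[i:]
    if wild not in names:
        return ("NXDOMAIN", None)
    data = rrsets.get(wild, {}).get(qtype)
    return ("WILDCARD", data) if data else ("NODATA", None)

ZONE = build_zone("ham.org", [
    ("*", "TXT", "v=spf1 a mx -all"),      # shortened, constructed value
    ("*.foo", "TXT", "v=spf1 -all"),
    ("*.foo", "A", "209.102.192.64"),
    ("mail", "A", "192.0.2.1"),            # constructed host with no TXT
])

if __name__ == "__main__":
    for name in ("bar.ham.org", "foo.ham.org", "x.foo.ham.org", "mail.ham.org"):
        print(name, "TXT ->", lookup(ZONE, name, "TXT"))
```

Names that come back NODATA for TXT publish no SPF policy at all, so each explicitly defined name and each parent of a sub-wildcard needs its own TXT record if it is meant to be covered.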