BIND 9.2 and Wildcards (MYSTERIOUS!)
Peter John Hartman
peterjh at mennonot.net
Tue Aug 31 20:33:36 UTC 2004
You've got it, but how do I resolve this problem?
We have some legacy sites which need to go to an old server, so our zone file looks like this:
yellowcreek.in.us A 199.8.232.8
        IN MX 0 MX1.MENNONITE.NET.
        IN MX 10 MX2.MENNONITE.NET.
www.yellowcreek.in.us A 199.8.232.8
        IN MX 0 MX1.MENNONITE.NET.
        IN MX 10 MX2.MENNONITE.NET.
*.mennonite.net. 14400 IN A 199.8.232.35
Was this just a loophole in older BIND that BIND 9 fixed?
Thanks!
Peter
On Tue, 31 Aug 2004, Edward Lewis wrote:
> At 14:57 -0500 8/31/04, Peter John Hartman wrote:
> >We recently upgraded to bind 9.2.3 and have encountered a really
> >strange effect with wildcards.
> >Our entry (which worked before):
> >
> >*.mennonite.net. 14400 IN A 199.8.232.35
> >
> >Now, this wildcard only sort of works.
> >
> >I can ping foo.foo.mennonite.net but I can't ping foo.in.us.mennonite.net
> >or foo.us.mennonite.net, etc. unless I put in:
> >
> >*.us IN A 199.8.232.35
> >*.in.us IN A 199.8.232.35
> >
> >Very strange! Canadian sites do work, it should be noted:
> >foo.on.ca.mennonite.net resolves fine; in other words, it is just subdomains
> >underneath us.MYDOMAIN. No errors in the log.
> >I'm perplexed.
>
> It'd be easy for me to look at the zone file and tell you what is
> broken, but, you probably won't want to expose the whole zone file.
> (Understandable.)
>
> So, I'll try this example:
>
> If I have these records in the zone
> *.example.com A 1.1.1.1
> ca.nz.example.com A 1.1.1.1
>
> No record is synthesized (from the wild card) for eg.nz.example.com.
>
> Even though there is no nz.example.com record, the ca.nz.example.com
> record creates a shadow over anything under nz.example.com.
> nz.example.com is called an "empty non-terminal" - these block wild
> cards by their existence.
>
> Maybe you have a record with ....us.mennonite.net. somewhere in your zone.
>
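
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not BIND's code: a small model of RFC 4592 wildcard matching, run over the example.com records from the reply and the records quoted in the post. It assumes the relative names in the post expand under mennonite.net; the function and zone names are hypothetical.

```python
# Added example: wildcard synthesis vs. empty non-terminals (RFC 4592).
def norm(name):
    """Lowercase an absolute name and drop the trailing dot."""
    return name.rstrip(".").lower()

def existing_names(owners):
    """An owner name and every ancestor of it exist in the DNS tree.
    Ancestors that own no records are empty non-terminals."""
    exists = set()
    for owner in owners:
        parts = owner.split(".")
        exists.update(".".join(parts[i:]) for i in range(len(parts)))
    return exists

def lookup(zone, qname):
    """Return (kind, address): kind is 'exact', 'wildcard',
    'nodata' (empty non-terminal) or 'nxdomain'."""
    records = {norm(k): v for k, v in zone.items()}
    exists = existing_names(records)
    q = norm(qname)
    if q in records:
        return ("exact", records[q])
    if q in exists:
        return ("nodata", None)
    parts = q.split(".")
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if encloser in exists:
            # Only a wildcard directly below the closest encloser applies.
            return (("wildcard", records["*." + encloser])
                    if "*." + encloser in records else ("nxdomain", None))
    return ("nxdomain", None)

EXAMPLE_ZONE = {"*.example.com.": "1.1.1.1", "ca.nz.example.com.": "1.1.1.1"}

# Assumption: the relative names in the post expand under mennonite.net.
PETER_ZONE = {
    "*.mennonite.net.": "199.8.232.35",
    "yellowcreek.in.us.mennonite.net.": "199.8.232.8",
    "www.yellowcreek.in.us.mennonite.net.": "199.8.232.8",
}
# The workaround from the post: a wildcard under each shadowed node.
FIXED_ZONE = {**PETER_ZONE, "*.us.mennonite.net.": "199.8.232.35",
              "*.in.us.mennonite.net.": "199.8.232.35"}

if __name__ == "__main__":
    for q in ("foo.foo.mennonite.net", "foo.on.ca.mennonite.net",
              "foo.us.mennonite.net", "foo.in.us.mennonite.net"):
        print(q, lookup(PETER_ZONE, q), lookup(FIXED_ZONE, q))
```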