BIND 9.2 and Wildcards (MYSTERIOUS!)
Edward Lewis
edlewis at arin.net
Tue Aug 31 21:11:12 UTC 2004
At 15:33 -0500 8/31/04, Peter John Hartman wrote:
>You've got it, but how do I resolve this problem.
By doing what you're doing. ;) You have to repeat the wild card
record everywhere you create a "shadow."
>We have some legacy sites which need to go to an old server, so our
>zone file looks like this:
>
>yellowcreek.in.us A 199.8.232.8
> IN MX 0 MX1.MENNONITE.NET.
> IN MX 10 MX2.MENNONITE.NET.
>www.yellowcreek.in.us A 199.8.232.8
> IN MX 0 MX1.MENNONITE.NET.
> IN MX 10 MX2.MENNONITE.NET.
>*.mennonite.net. 14400 IN A 199.8.232.35
So - you'd need *.in.us, *.us, and *.yellowcreek.in.us if you want to
cover all other names. (The latter only if you worried about
smtp.yellowcreek.in.us)
It's a pain - but it's not BIND's problem, its the way DNS was
defined years ago. Compounding this is that the original wording has
confused a generation of DNS server writers - there has been
off-and-on a draft that clear this up.
(The off-and-on part is my fault. I'm supposed to work on that.)
>Was this just a loophole in older BIND that BIND 9 fixed?
Maybe. Wild cards are really confusing, especially to DNS (not just
BIND) developers. I know there's been a flip-flop on how empty
non-terminals from version to version. Mark Andrews (on this list)
can give you a much better answer regarding this in BIND. He's the
(human) authoritative server on this. ;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
"I can't go to Miami. I'm expecting calls from telemarketers." -
Grandpa Simpson.
More information about the bind-users
mailing list