BIND 9.2 and Wildcards (MYSTERIOUS!)
Mark Andrews
Mark_Andrews at isc.org
Tue Aug 31 22:41:12 UTC 2004
> At 15:33 -0500 8/31/04, Peter John Hartman wrote:
> >You've got it, but how do I resolve this problem.
>
> By doing what you're doing. ;) You have to repeat the wild card
> record everywhere you create a "shadow."
>
> >We have some legacy sites which need to go to an old server, so our
> >zone file looks like this:
> >
> >yellowcreek.in.us A 199.8.232.8
> > IN MX 0 MX1.MENNONITE.NET.
> > IN MX 10 MX2.MENNONITE.NET.
> >www.yellowcreek.in.us A 199.8.232.8
> > IN MX 0 MX1.MENNONITE.NET.
> > IN MX 10 MX2.MENNONITE.NET.
> >*.mennonite.net. 14400 IN A 199.8.232.35
>
> So - you'd need *.in.us, *.us, and *.yellowcreek.in.us if you want to
> cover all other names. (The latter only if you worried about
> smtp.yellowcreek.in.us)
>
> It's a pain - but it's not BIND's problem, its the way DNS was
> defined years ago. Compounding this is that the original wording has
> confused a generation of DNS server writers - there has been
> off-and-on a draft that clear this up.
>
> (The off-and-on part is my fault. I'm supposed to work on that.)
>
> >Was this just a loophole in older BIND that BIND 9 fixed?
>
> Maybe. Wild cards are really confusing, especially to DNS (not just
> BIND) developers. I know there's been a flip-flop on how empty
> non-terminals from version to version. Mark Andrews (on this list)
> can give you a much better answer regarding this in BIND. He's the
> (human) authoritative server on this. ;)
Or people should just look at CHANGES.
1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
This was actually a disagreement between the DNSSEC RFC's and
the base DNS RFC's. The disagreement has now been resolved in
favour of the base documents.
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis +1-703-227-9854
> ARIN Research Engineer
>
> "I can't go to Miami. I'm expecting calls from telemarketers." -
> Grandpa Simpson.
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list