Wildcard DNS (pros and cons)
Chris De Young
chd at arizona.edu
Fri Dec 10 19:51:00 UTC 2004
So, let me make sure that I understand how this works...
> We use wildcard MX records in our internal root zone to route outbound
> Internet mail, for instance, which allows us to run "dumb" mail
> configurations on our servers and control the mail routing centrally.
> But if some day, for example, I were to define a foobar.microsoft.com
> name in our internal DNS (e.g. to redirect a worm-generated DoS to the
> bit bucket), then if I didn't remember to also define an explicit
> *.microsoft.com MX record, then the "empty non-terminal" would put the
> kibosh on all mail to @microsoft.com addresses
So you have something like:
*.com. MX 10 local.mail.server. ; or whatever
foobar.microsoft.com. A 1.2.3.4
So now in this case, the wildcard record does not apply to microsoft.com or
any subdomain of microsoft.com? But it would still match, say,
"foo.soft.com"? I guess I don't actually know what an "empty non-terminal" is.
Thanks,
-Chris
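
Added example, not part of the original message and not BIND's code: a minimal Python model of the wildcard lookup rule in RFC 1034 section 4.3.3 (as clarified by RFC 4592), run over the two records shown in the message. The in-memory zone layout and the function names are assumptions made for illustration.

```python
# Constructed zone data: the two records from the message, held in an
# internal root zone. Owner names are stored as label tuples.
ZONE = {
    ("*", "com"): {"MX": ["10 local.mail.server."]},
    ("foobar", "microsoft", "com"): {"A": ["1.2.3.4"]},
}

def labels(name):
    """'Foo.Soft.com.' -> ('foo', 'soft', 'com')."""
    return tuple(l.lower() for l in name.rstrip(".").split(".") if l)

def existing_nodes(zone):
    """Every owner name plus all of its ancestors. An ancestor that owns
    no records of its own is an 'empty non-terminal': it still exists."""
    nodes = {()}  # the zone apex (the root here) always exists
    for owner in zone:
        for i in range(len(owner)):
            nodes.add(owner[i:])
    return nodes

def lookup(zone, qname, qtype):
    """Return (status, source, rdata) for one query against the zone."""
    q = labels(qname)
    nodes = existing_nodes(zone)
    if q in nodes:
        # The name exists, possibly only as an empty non-terminal, so no
        # wildcard is consulted: answer from its own data or give NODATA.
        rdata = zone.get(q, {}).get(qtype)
        return ("ANSWER", "exact", rdata) if rdata else ("NODATA", "exact", None)
    # Closest encloser: the longest existing ancestor of the query name.
    for i in range(1, len(q) + 1):
        if q[i:] in nodes:
            encloser = q[i:]
            break
    # Only the wildcard directly below the closest encloser may match.
    wild = ("*",) + encloser
    if wild not in zone:
        return ("NXDOMAIN", ".".join(encloser) or ".", None)
    rdata = zone[wild].get(qtype)
    name = ".".join(wild)
    return ("ANSWER", name, rdata) if rdata else ("NODATA", name, None)

if __name__ == "__main__":
    for qname in ("foo.soft.com", "microsoft.com", "mail.microsoft.com"):
        print(qname, "MX ->", lookup(ZONE, qname, "MX"))
```

In this model, defining foobar.microsoft.com makes microsoft.com exist as an empty non-terminal, so *.com no longer covers microsoft.com or anything beneath it, while foo.soft.com is still answered from *.com.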
More information about the bind-users
mailing list