Problem with cname target pointing to wildcard A record
Carl Byington
carl at five-ten-sg.com
Tue Aug 22 17:43:53 UTC 2006
If we do

    dig 1.2.3.4.blackholes.five-ten-sg.com a

we should get both a CNAME record, and the resulting A record, from any of
the authoritative dns servers, or from any dns server that will do
recursion for us. At least that is my understanding of correct operation.

    1.2.3.4.blackholes.five-ten-sg.com. 86400 IN CNAME 4.3.208.65.dsl-verizon.net.misc.spam.blackholes.five-ten-sg.com.
    4.3.208.65.dsl-verizon.net.misc.spam.blackholes.five-ten-sg.com. 864000 IN A 127.0.0.2

That A record is actually a wildcard

    *.misc.spam.blackholes.five-ten-sg.com

This works on all the BIND servers, but is currently failing on some
authoritative Windows dns servers. In particular, if you try that dig
above on ns2.five-ten-sg.com, it only returns the CNAME record.

If the target of the CNAME is not a wildcard, it seems to work
properly.

    dig 1.2.14.58.blackholes.five-ten-sg.com a @ns2.five-ten-sg.com

returns both the CNAME and the A record, since 'china.spam' is not a
wildcard.

Is there any known workaround for this on Windows, or is this difference
between BIND and Windows dns allowed by the dns spec?
More information about the bind-users
mailing list
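
A check for the symptom described in the message, as an added example that is not part of the original post: it parses a dig ANSWER section and reports whether the CNAME chain ends in an A record inside the same response. The function names are hypothetical, and the two sample answers are constructed from the records quoted in the message.

```python
# Added example, not from the original post. Sample answers are constructed
# from the records quoted in the message; function names are hypothetical.

def parse_answer(text):
    """Parse 'owner ttl class type rdata' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split(None, 4)  # drop dig comments
        if len(fields) != 5:
            continue
        owner, _ttl, _cls, rtype, rdata = fields
        records.append((owner.lower().rstrip("."), rtype.upper(), rdata.strip()))
    return records

def resolve_chain(records, qname, qtype="A", max_hops=8):
    """Follow CNAMEs inside one answer; return (status, chain, rdata list)."""
    name = qname.lower().rstrip(".")
    chain = [name]
    for _ in range(max_hops):
        found = [rd for o, t, rd in records if o == name and t == qtype]
        if found:
            return "complete", chain, found
        targets = [rd for o, t, rd in records if o == name and t == "CNAME"]
        if not targets:
            # A CNAME was followed but its target has no record in this answer.
            return ("dangling-cname" if len(chain) > 1 else "no-answer"), chain, []
        name = targets[0].lower().rstrip(".")
        if name in chain:
            return "cname-loop", chain, []
        chain.append(name)
    return "too-many-hops", chain, []

QNAME = "1.2.3.4.blackholes.five-ten-sg.com"
TARGET = "4.3.208.65.dsl-verizon.net.misc.spam.blackholes.five-ten-sg.com."
# Constructed: the full answer the message expects from any server.
FULL_ANSWER = f"{QNAME}. 86400 IN CNAME {TARGET}\n{TARGET} 864000 IN A 127.0.0.2\n"
# Constructed: the CNAME-only answer described for ns2.five-ten-sg.com.
CNAME_ONLY_ANSWER = f"{QNAME}. 86400 IN CNAME {TARGET}\n"

if __name__ == "__main__":
    for label, text in (("full", FULL_ANSWER), ("cname-only", CNAME_ONLY_ANSWER)):
        status, chain, addrs = resolve_chain(parse_answer(text), QNAME)
        print(f"{label}: {status} chain={' -> '.join(chain)} addrs={addrs}")
```

Feeding it the `dig +noall +answer` output collected from each authoritative server separates the servers that return the whole chain from those that stop at the CNAME.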