wildcard resolves queries for all non-existing domains
Barry Margolin
barmar at alum.mit.edu
Wed Feb 15 02:52:09 UTC 2006
In article <dssnd1$db0$1 at sf1.isc.org>, Sim <simvirus at gmail.com> wrote:
> Hi!
>
> I have a problem with wildcard. It resolves queries for all
> non-existing domains.
>
> # uname -n
> ns1.test.com
>
> # cat /etc/resolv.conf
> nameserver 127.0.0.1
>
> .. named/master/test.com
> -------------------------
> $TTL 43200
> * IN SOA ns1.test.com. postmaster.test.com. (
> 2006020406
> 28800
> 2880
> 1814400
> 86400 )
> ;
> NS ns1
> NS ns2
> MX 10 mx
> ;
> ns1 A 192.168.1.1
> ns2 A 192.168.1.2
> mx A 192.168.1.10
> www A 192.168.1.20
> * A 192.168.1.100
> ------------------------
>
> # dig qwertyu12345.com
>
> ;; QUESTION SECTION:
> ;qwertyu12345.com. IN A
>
> ;; AUTHORITY SECTION:
> com. 10800 IN SOA a.gtld-servers.net.
> nstld.verisign-grs.com. 1139924349 1800 900 604800 900
>
> ;; Query time: 142 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>
>
> --------------------------
>
> # ping qwertyu12345.com
> PING 192.168.1.100 ....
What's probably happening is that your resolver is appending your local
domain when the normal lookup fails, so it's looking up
qwertyu12345.com.test.com. This succeeds because of the wildcard.
That's the most common problem with wildcards, which is why they're
frequently a bad idea.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
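
The lookup sequence described in the reply, as an added example that is not part of the original post: a small model of a stub resolver's search list meeting the wildcard in the quoted zone. It assumes a search list of test.com (derived from the host name ns1.test.com), ndots of 1, and that every name outside the zone does not exist; the function names are hypothetical.

```python
# Added example: a stub resolver's search list meeting the wildcard in the post.
ORIGIN = "test.com."
ZONE = {  # A records from the zone file quoted in the post
    "ns1.test.com.": "192.168.1.1",
    "ns2.test.com.": "192.168.1.2",
    "mx.test.com.": "192.168.1.10",
    "www.test.com.": "192.168.1.20",
    "*.test.com.": "192.168.1.100",
}

def authoritative_lookup(fqdn):
    """Return the A record the modelled zone gives for fqdn, or None (NXDOMAIN)."""
    fqdn = fqdn.lower()
    if not fqdn.endswith("." + ORIGIN):
        return None  # assumption: names outside the zone do not exist
    if fqdn in ZONE:
        return ZONE[fqdn]  # an exact match always beats the wildcard
    # RFC 4592: walk up to the closest existing ancestor, then try "*.<ancestor>".
    existing = set(ZONE) | {ORIGIN}
    labels = fqdn.split(".")
    for i in range(1, len(labels) - 1):
        ancestor = ".".join(labels[i:])
        if ancestor in existing:
            return ZONE.get("*." + ancestor)
    return None

def candidates(name, search=("test.com",), ndots=1):
    """Names a glibc-style stub resolver tries, in order (search/ndots assumed)."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list skipped
    as_is = name + "."
    with_search = [f"{name}.{domain}." for domain in search]
    if name.count(".") >= ndots:
        return [as_is] + with_search  # tried as typed first, then with suffixes
    return with_search + [as_is]

def resolve(name, **options):
    """Return (fqdn_that_answered, address), or None if every candidate fails."""
    for fqdn in candidates(name, **options):
        address = authoritative_lookup(fqdn)
        if address:
            return fqdn, address
    return None

if __name__ == "__main__":
    for query in ("qwertyu12345.com", "qwertyu12345.com.", "www", "foo.www"):
        print(f"{query:20} -> {resolve(query)}")
```

dig does not apply the search list unless +search is given, so it queries only the name as typed, while ping goes through the system resolver and picks up the suffixed name.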