Quick question from a newbie

Kevin Darcy kcd at daimlerchrysler.com
Mon Jan 23 23:26:45 UTC 2006


binderright at googlemail.com wrote:

>Hi guys - here's the thing: I'm good at programming, but I know nothing
>about bind and dns and I'm on a tight deadline. Any help would be
>appreciated.
>
>I need any host from my domain name to point at a single site, except
>for mail. Right now only www.mydomain.com goes there. But I need any
>host to go there, meaning that xyz.mydomain.com and
>www.mydomain.com and whatever.mydomain.com should all point at the same
>site.
>
>So basically I know I need a wildcard but I don't know how. My host
>file looks like this (I changed the names and ips, but the file is
>identical):
>
>mydomain.com.	IN	SOA	ns1.nameserver.net. administrator.mydomain.com. (
>			7894112207
>			3600
>			600
>			86400
>			3600 )
>mydomain.com.	IN	NS	ns1.nameserver.net.
>mail.mydomain.com.	IN	A	218.221.789.900
>mydomain.com.	IN	MX	10   mail.mydomain.com.
>mydomain.com.	IN	A	458.465.45.12
>ftp.mydomain.com.	IN	A	458.465.45.12
>intranet.mydomain.com.	IN	A	458.465.45.12
>www.mydomain.com.	IN	A	458.465.45.12
>
>
>Is it ok if I add *.mydomain.com.	IN	A	458.465.45.12 at the end of the
>file? Would it do the trick?
>
Well, you could *try* that, but you should be aware that wildcards can 
be tricky. Now all of a sudden *every* name under the domain resolves
from an A-record query, and that can break some apps. Also, even 
non-A-record queries will change behavior, since DNS has a concept of 
matching a name, but not the query type, so even a query of type, say, 
MX, of random-name-here.mydomain.com, will start responding differently 
than it did before ("no records of requested type" instead of "no such 
name", since the wildcard name was matched, technically). This behavior 
change can also break some apps, including older mail software. Other 
complications ensue if you want to implement subdomains and/or subzones 
and/or names with "*" embedded in them. The IETF is working to clarify 
all of this, since implementations haven't been consistent in the past. 
See 
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-10.txt 
(ignore all of the DNSSEC stuff if, like most of us, you don't plan on 
implementing DNSSEC anytime soon).

So, bottom line is, it'll probably do what you want, but be very careful 
if you want to do this, and test thoroughly before production 
implementation.

                                                                         
                                                         - Kevin
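
Added example, not part of the original post and not BIND's code: a toy Python model of the lookup behaviour described in the reply above, showing how the wildcard turns "no such name" into "no records of requested type" for other query types, and how existing names and subdomains block it. The addresses and the host.sub record are constructed, and the model assumes a single zone with no delegations, CNAMEs or DNSSEC.

```python
# Toy model of wildcard matching in one zone (assumes no delegations, CNAMEs or DNSSEC).
# Addresses are constructed documentation values, not the poster's.
ZONE = "mydomain.com"
WEB, MAIL = "192.0.2.10", "192.0.2.25"

def build(with_wildcard):
    """Zone data as {(owner, type): [rdata]}, mirroring the records in the question."""
    rrs = {
        ("mydomain.com", "MX"): ["10 mail.mydomain.com."],
        ("mydomain.com", "A"): [WEB],
        ("mail.mydomain.com", "A"): [MAIL],
        ("www.mydomain.com", "A"): [WEB],
    }
    if with_wildcard:
        rrs[("*.mydomain.com", "A")] = [WEB]
    return rrs

def lookup(rrs, qname, qtype):
    """Return (rcode, answers); NOERROR with no answers is 'no records of requested type'."""
    qname = qname.lower().rstrip(".")
    if qname != ZONE and not qname.endswith("." + ZONE):
        return "REFUSED", []              # name is not inside this zone
    owners = {owner for owner, _ in rrs}

    def exists(name):
        # A name exists if it owns records or is an ancestor of one (empty non-terminal).
        return any(o == name or o.endswith("." + name) for o in owners)

    if exists(qname):
        # Existing names are never covered by the wildcard, whatever the query type.
        return "NOERROR", rrs.get((qname, qtype), [])
    encloser = qname
    while not exists(encloser):           # walk up to the closest existing ancestor
        encloser = encloser.split(".", 1)[1]
    wild = "*." + encloser
    if wild not in owners:
        return "NXDOMAIN", []             # "no such name"
    # The wildcard matched the name; the answer is empty if it lacks this type.
    return "NOERROR", rrs.get((wild, qtype), [])

if __name__ == "__main__":
    for wc in (False, True):
        zone = build(wc)
        zone[("host.sub.mydomain.com", "A")] = [WEB]   # constructed subdomain record
        for q in ("xyz", "mail", "sub", "x.sub"):
            for t in ("A", "MX"):
                print(wc, q, t, *lookup(zone, q + ".mydomain.com", t))
```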



