Bogus Wild Card DNS

John Wobus jw354 at cornell.edu
Fri Apr 8 18:33:49 UTC 2011


On Apr 8, 2011, at 10:58 AM, Martin McCormick wrote:

> I am trying to set up bind9.7.2P3 in a special manner such as is
> used in network registration setups in which named always
> returns the address of a registration server except for a few
> other domains that supply updates and antivirus scans, etc.
>
> 	In this case, I have microsoft.com as the one allowed
> domain and everything else should return the wild card A record.
> What is happening right now is that the one special allowed
> domain works fine and all else returned a SERVFAIL rather than
> resolving to what will eventually be the registration server.
> The microsoft allowed zone is defined in named.conf with
> forwarders.
> My understanding is that the only real zone one needs is the
> hint zone or "." and here is mine:
>
> @ IN NS netreg.it.okstate.edu.
> microsoft.com.  IN NS netreg.it.okstate.edu.
> * IN A 139.78.6.193
>
> 	Why am I not getting resolution to 139.78.6.193 for any
> other query?
>
> 	The log isn't complaining about much of anything but any
> query that is not microsoft returns that SERVFAIL message.
>
> 	I must remind anybody experimenting with something like
> this to be sure to put a bogus DNS clause in your functional
> production DNS's so that anything that might somehow leak out of
> this experiment is treated as junk and ignored.
>
> 	Many thanks.
>
>
> Martin McCormick WB5AGZ  Stillwater, OK
> Systems Engineer
> OSU Information Technology Department Telecommunications Services Group

I think you want a *.com entry as well as the * entry.
The existence of the 'microsoft.com.' record, believe
it or not, affects whether names of the form whatever.com
match the * A record.

DNS's rules for wildcarding have been known to trip
up a lot of people, so look for a full explanation.

John
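
The wildcard rule John refers to (RFC 4592: a wildcard is only consulted at the closest existing ancestor of the query name), shown as an added example that is not part of the original thread. It treats the posted records as an authoritative zone rooted at "." and ignores query type; the zone dictionaries and function names are constructed for illustration.

```python
# Added example: RFC 4592 wildcard matching over a constructed root-level zone.
# Zones map owner name -> record types; the data mirrors the records in the post.

def labels(name):
    """'www.example.com.' -> ('com', 'example', 'www'), root label first."""
    return tuple(reversed([l for l in name.lower().split(".") if l]))

def text(lbls):
    """Inverse of labels(): ('com', '*') -> '*.com.'"""
    return ".".join(reversed(lbls)) + "."

def lookup(zone, qname):
    """Return (outcome, owner name that decided it) for qname in a zone rooted at '.'."""
    owners = {labels(o): types for o, types in zone.items()}
    # A name exists if it owns records or lies above a name that does
    # (an empty non-terminal, RFC 4592 section 2.2.2).
    exists = {o[:i] for o in owners for i in range(len(o) + 1)}
    q = labels(qname)
    # A non-apex NS at or above the query name is a zone cut: refer, never synthesize.
    for i in range(1, len(q) + 1):
        if "NS" in owners.get(q[:i], ()):
            return ("referral", text(q[:i]))
    if q in owners:
        return ("exact", text(q))
    if q in exists:
        return ("nodata", text(q))  # empty non-terminal: NOERROR with no answer
    # Closest encloser: the longest existing ancestor of the query name.
    encloser = next(q[:i] for i in range(len(q) - 1, -1, -1) if q[:i] in exists)
    wildcard = encloser + ("*",)  # source of synthesis
    if wildcard in owners:
        return ("wildcard", text(wildcard))
    return ("nxdomain", text(encloser))

# Constructed zones: the records from the post, then with the suggested *.com added.
POSTED = {".": {"NS"}, "microsoft.com.": {"NS"}, "*.": {"A"}}
WITH_STAR_COM = {**POSTED, "*.com.": {"A"}}

def demo():
    names = ["example.org.", "example.com.", "com.", "update.microsoft.com."]
    return {n: (lookup(POSTED, n)[0], lookup(WITH_STAR_COM, n)[0]) for n in names}

if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print(f"{name:24} posted={before:9} with *.com={after}")
```

In this model `com.` itself still returns no data after `*.com.` is added, because a wildcard never matches its own parent name.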


