Unexpected wildcard matching

ip admin ipmanx at googlemail.com
Fri Jan 25 13:30:23 UTC 2013


Hello,

I want to have a dummy (internal) root NS to resolve specific name
hello.test.com to 4.5.6.7, everything else to 1.2.3.4.

Using a wildcard does not work as expected (by me), though.

1st attempt:

# cat db.root
$TTL 86400
@                       IN      SOA     ns1.root.internal. dnsadmin.root.internal. 1 21600 3600 604800 600
                        IN      NS      ns1.root.internal.
*                       IN      A       1.2.3.4
hello.test.com.         IN      A       4.5.6.7
# dig +short @localhost hello.test.com
4.5.6.7
# dig +short @localhost hello.test.net
1.2.3.4
# dig +short @localhost other.test.com
# dig +short @localhost other.test-it.com
# dig +short @localhost other.test.org
1.2.3.4
# dig +short @localhost other.test.net
1.2.3.4

Result: returns NXDOMAIN for anything ending in .com - probably because of
hello.test.com!

2nd attempt:

# cat db.root
$TTL 86400
@                       IN      SOA     ns1.root.internal. dnsadmin.root.internal. 1 21600 3600 604800 600
                        IN      NS      ns1.root.internal.
*                       IN      A       1.2.3.4
*.com.                  IN      A       1.2.3.4
hello.test.com.         IN      A       4.5.6.7
# dig +short @localhost hello.test.com
4.5.6.7
# dig +short @localhost hello.test.net
1.2.3.4
# dig +short @localhost other.test.com
# dig +short @localhost other.com
1.2.3.4

Result: returns NXDOMAIN for anything matching label1.label2.com, works for
label1.com however. Again, the existing entry for hello.test.com seems to
override wildcards in an unexpected way.

3rd attempt:

# cat db.root
$TTL 86400
@                       IN      SOA     ns1.root.internal. dnsadmin.root.internal. 1 21600 3600 604800 600
                        IN      NS      ns1.root.internal.
*                       IN      A       1.2.3.4
*.com.                  IN      A       1.2.3.4
*.test.com.             IN      A       1.2.3.4
hello.test.com.         IN      A       4.5.6.7
# dig +short @localhost hello.test.com
4.5.6.7
# dig +short @localhost hello.test.net
1.2.3.4
# dig +short @localhost other.test.com
1.2.3.4
# dig +short @localhost other.test-it.com
1.2.3.4
# dig +short @localhost other.test.org
1.2.3.4
# dig +short @localhost other.test.net
1.2.3.4

Result: finally what I wanted

Any idea why the wildcard matching is affected by the individual
levels/labels of hello.test.com?

If multiple entries exist in addition to the wildcard, the strange behaviour
applies to them as well, e.g. I need:

# cat db.root
$TTL 86400
@                       IN      SOA     ns1.root.internal. dnsadmin.root.internal. 1 21600 3600 604800 600
                        IN      NS      ns1.root.internal.
*                       IN      A       1.2.3.4
*.com.                  IN      A       1.2.3.4
*.test.com.             IN      A       1.2.3.4
hello.test.com.         IN      A       4.5.6.7
*.bar.                  IN      A       1.2.3.4
*.foo.bar.              IN      A       1.2.3.4
hello.foo.bar.          IN      A       8.9.10.11

to resolve specific names hello.test.com and hello.foo.bar to their
respective IPs and everything else to 1.2.3.4.

(DNS-Server version happens to be BIND 9.7.4-P1)

Regards
 Tom
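
The results of the three attempts above match the wildcard rules of RFC 4592: a wildcard is consulted only at the closest existing ancestor (the "closest encloser") of the query name, and the record hello.test.com. makes com. and test.com. exist as empty non-terminals. The Python model below is an added example, not part of the original post and not BIND's code; it covers only the A records from the zone files above, and its function names are assumptions.

```python
# Added example: RFC 4592 wildcard lookup, modelling only the A records above.
ROOT = ()  # zone apex "." as an empty label tuple
WILD = "1.2.3.4"
# Constructed from the three db.root versions in the post.
ATTEMPT_1 = [("*", WILD), ("hello.test.com.", "4.5.6.7")]
ATTEMPT_2 = ATTEMPT_1 + [("*.com.", WILD)]
ATTEMPT_3 = ATTEMPT_2 + [("*.test.com.", WILD)]

def labels(name):
    """'hello.test.com.' -> ('com', 'test', 'hello'), root-first."""
    return tuple(reversed([l for l in name.lower().rstrip(".").split(".") if l]))

def build_zone(records):
    """Return (owner -> address, set of existing nodes). Every ancestor of an
    owner name exists too, as an empty non-terminal if it has no records."""
    owners = {labels(name): addr for name, addr in records}
    nodes = {ROOT}
    for owner in owners:
        for i in range(1, len(owner) + 1):
            nodes.add(owner[:i])
    return owners, nodes

def resolve(zone, qname):
    """Answer an A query: an address, 'NODATA' or 'NXDOMAIN'."""
    owners, nodes = zone
    q = labels(qname)
    if q in nodes:
        # Exact match. An empty non-terminal exists but holds no data.
        return owners.get(q, "NODATA")
    # Closest encloser: the longest ancestor of qname that exists in the zone.
    depth = max(i for i in range(len(q)) if q[:i] in nodes)
    # Only the wildcard directly below the closest encloser may synthesize an
    # answer; wildcards higher up the tree are never consulted.
    return owners.get(q[:depth] + ("*",), "NXDOMAIN")

if __name__ == "__main__":
    queries = ["hello.test.com", "hello.test.net", "other.test.com",
               "other.com", "test.com"]
    for n, recs in enumerate((ATTEMPT_1, ATTEMPT_2, ATTEMPT_3), 1):
        zone = build_zone(recs)
        for q in queries:
            print(f"attempt {n}: {q:<16} -> {resolve(zone, q)}")
```
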