Using Wildcards in Subdomain Records

muhanad at plciq.com muhanad at plciq.com
Thu Feb 17 14:20:25 UTC 2022


I apologize for the late reply with standard subject name. 

I have an issue right now, which is the last one for this setup.
I want the main domain "example.com" to be resolved from the internet (e.g.
resolved via 8.8.8.8), and the subdomains "aa.example.com" to still
get resolved from my DNS server as specified by the zone file. I have
created two zones in the "named.conf" file, one forward zone for
(example.com) and one for the sub-domain (aa.example.com). The problem is
that now the main domain (example.com) and the sub-domains (aa.example.com)
get resolved from the internet, since the main domain (example.com) is
getting higher priority. Is there any solution to this problem?



-----Original Message-----
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of
bind-users-request at lists.isc.org
Sent: Thursday, February 17, 2022 5:08 PM
To: bind-users at lists.isc.org
Subject: bind-users Digest, Vol 3907, Issue 4

Send bind-users mailing list submissions to
	bind-users at lists.isc.org

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.isc.org/mailman/listinfo/bind-users
or, via email, send a message with subject or body 'help' to
	bind-users-request at lists.isc.org

You can reach the person managing the list at
	bind-users-owner at lists.isc.org

When replying, please edit your Subject line so it is more specific than
"Re: Contents of bind-users digest..."


Today's Topics:

   1. RE: bind-users Digest, Vol 3907, Issue 3 (muhanad at plciq.com)
   2. Re: Is there a community product maintaining Windows support?
      (Jakob Bohm)
   3. Re: Bind: Standard Ports And Non Standard Ports (Jakob Bohm)
   4. Re: ipv6 adoption (HE & DNSSEC) (Timothe Litt)
   5. Re: Windows 9.16.25 fails to start (1067 Terminated
      unexpectedly) (Jakob Bohm)


----------------------------------------------------------------------

Message: 1
Date: Thu, 17 Feb 2022 15:09:49 +0300
From: <muhanad at plciq.com>
To: <bind-users at lists.isc.org>
Subject: RE: bind-users Digest, Vol 3907, Issue 3
Message-ID: <004101d823f7$474702c0$d5d50840$@plciq.com>
Content-Type: text/plain;	charset="us-ascii"

OK, this is one issue solved; I have another issue.

The main domain from previous (example.com) needs to be forwarded to the
internet and resolved normally, and with the current configuration, when I do
nslookup from inside the DNS server it resolves normally. The problem is
with client machines: when they use my DNS, the main domain (example.com,
aa.example.com) doesn't reply back and the nslookup shows no results. Below
is the zone config.

$TTL    604800
@       IN      SOA     ns1.plciq.com. root.plciq.com. (
                        602172022       ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

@       IN      NS     ns1.plciq.com
ns1     IN      A      192.168.1.1
*       IN      A      192.168.1.5
*       IN      A      192.168.1.6
*       IN      A      192.168.1.7



-----Original Message-----
From: bind-users <bind-users-bounces at lists.isc.org> On Behalf Of
bind-users-request at lists.isc.org
Sent: Thursday, February 17, 2022 3:00 PM
To: bind-users at lists.isc.org
Subject: bind-users Digest, Vol 3907, Issue 3


Today's Topics:

   1. Re: Using Wildcards in Subdomain Records (Matus UHLAR - fantomas)
   2. Re: ipv6 adoption (G.W. Haywood)


----------------------------------------------------------------------

Message: 1
Date: Thu, 17 Feb 2022 10:02:59 +0100
From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
To: bind-users at lists.isc.org
Subject: Re: Using Wildcards in Subdomain Records
Message-ID: <Yg4PQ94YkxzFBinV at fantomas.sk>
Content-Type: text/plain; charset=iso-8859-2; format=flowed

On 17.02.22 11:08, muhanad wrote:
>Hello all, I have a main domain (aa.example.com) that has hundreds of
>sub-domains (bb.aa.example.com). I am setting a wildcard in the record
>file for the main domain so it forwards all subdomains to a number of
>addresses in a round-robin fashion (the record as follows "* IN A
>192.168.1.x"). The issue I am facing is the wildcard forwards any
>subdomain regardless of whether it is a true subdomain (bb.aa.example.com)
>or it is not a true subdomain (xx.bb.aa.example.com)

These are subdomains too.
And this is how wildcards work, you can't change it.

If you don't like it, you'll have to list all records.
If there are the same records with multiple addresses, you can define

wildcard.example.com.	A	192.0.2.1
			A	192.0.2.2
			A	192.0.2.3
bb.aa.example.com.	CNAME	wildcard.example.com.
cc.aa.example.com.	CNAME	wildcard.example.com.

etc.


--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
LSD will make your ECS screen display 16.7 million colors


------------------------------

Message: 2
Date: Thu, 17 Feb 2022 09:06:45 +0000 (GMT)
From: "G.W. Haywood" <bind at jubileegroup.co.uk>
To: bind-users at lists.isc.org
Subject: Re: ipv6 adoption
Message-ID: <9d13a6b-d52-fc51-ed31-46b314f16fc at jubileegroup.co.uk>
Content-Type: text/plain; format=flowed; charset=US-ASCII

Hi Grant,

On Thu, 17 Feb 2022, Grant Taylor wrote:

> Please clarify if you are talking about DNSSEC for your own zone that 
> they are doing secondary transfers of or if you are talking about 
> DNSSEC for the IPv6's reverse DNS namespace that they delegate to you.

Ah, good point Grant.

The reverse zones are delegated to us but they aren't signed.

-- 

73,
Ged.


------------------------------

Subject: Digest Footer

_______________________________________________
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


------------------------------

End of bind-users Digest, Vol 3907, Issue 3
*******************************************



------------------------------

Message: 2
Date: Thu, 17 Feb 2022 13:42:57 +0100
From: Jakob Bohm <jb-bindusers at wisemo.com>
To: bind-users at lists.isc.org
Subject: Re: Is there a community product maintaining Windows support?
Message-ID: <fa5d9db8-b33f-f787-d6bc-43c283cd5e55 at wisemo.com>
Content-Type: text/plain; charset=utf-8; format=flowed

Fortunately (or unfortunately), the existing port of the 9.16.x bind code to
Windows is built with Microsoft tools (MSVC2019) and contains its own
handling of differences between Windows and Unix.

If a maintainer stepped up to maintain the source for a port, I could
compile it locally for our own systems, as I happen to also be a software
developer using bind to support that activity.

I know that there is a project that builds a 3rd party installer for the
Windows port (I currently use the simple upstream install utility that is
included in the ISC binary download), and I was hoping that maybe someone
from that installer project could extend it to also maintain the port
itself.

On 2022-02-11 18:02, Ted Mittelstaedt wrote:
> I just became a maintainer on the apcupsd project.
>
> I don't know if bind for windows is built like apcupsd is, by using
> mingw32 but unfortunately there's problems with the mingw32 project 
> these days, it's gone through a lot of transitions.
>
> Getting a working build environment for apcupsd at least, requires 
> using pretty old versions of mingw.
>
> No doubt I'm going to be jumped on for saying so but I know for 
> apcupsd I've got a -lot- of work to do to get it up to speed.
>
> There are some people out there who have built their own 
> mingw32/mingw64 binaries that are separate from the ones "officially" 
> distributed which might be an avenue. My guess the ISC developer who 
> was spearheading this port moved on to other things and ISC can't find 
> someone who wants to get involved in this and I can understand why.
>
> There is an interesting article on this problem here:
>
> https://increment.com/open-source/the-rise-of-few-maintainer-projects/
>
> I would ask you this Jakob - would you trust a windows binary of bind 
> that you compiled?
>
> I've got years of history participating on the apcupsd project. When I 
> start submitting changes to it, the users of it have that trust 
> automatically from that history. They won't worry if they download a 
> binary from sourceforge that I built that it's going to gun their 
> system. I'm a public figure in OSS besides that - people may like me 
> or think I'm an asshole - but they know I'm a real person who has a 
> rep. to maintain. I've got a business, federal and state tax ID's, a 
> published phone number, multiple domain names I've owned for years.
> I can't run and hide.
>
> You can probably review the bind mailing list and dig out less than
> 100 names of people who have been on it, regularly posting, for the 
> last decade.
>
> If none of those people step up to create a fork - then the windows 
> port is effectively going to be dead I'm afraid. Nobody is going to 
> trust "some dude" with zero history who sets up on github and forks 
> bind and posts a windows binary for downloading just because he says 
> it's gold.
> Would you? Trust a production system to that?
>
> OSS got its start by making the CODE available, NOT BINARIES. Users 
> like you were expected to be completely happy with the fact that the 
> code was even there at all and it compiled. You do your own building.
> Not knowing how to run a compiler is no excuse. The Internet has tons 
> of tutorials on it.
>
> You want a bind for windows - build it yourself. That's the can-do 
> attitude that OSS started with. I remember the first time I ever 
> downloaded a real OSS code and built it myself. It was rzsz - zmodem 
> code for windows. Back in the BBS days, really. That's the only way 
> you got that binary. It was a total gas and I was hooked. Don't deny 
> yourself the same pleasure.
>
> Ted
>
>
> On 2/11/2022 8:24 AM, Jakob Bohm via bind-users wrote:
>> As ISC has apparently announced that it will no longer maintain the 
>> code for running bind on Windows operating systems, and that this is 
>> now up to the community, is there a community group that has stepped 
>> up to the task?
>>
Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



------------------------------

Message: 3
Date: Thu, 17 Feb 2022 13:50:00 +0100
From: Jakob Bohm <jb-bindusers at wisemo.com>
To: bind-users at lists.isc.org
Subject: Re: Bind: Standard Ports And Non Standard Ports
Message-ID: <bffc95e4-c2e9-ff2f-5726-081214200a19 at wisemo.com>
Content-Type: text/plain; charset=utf-8; format=flowed

On 2022-02-12 09:01, Greg Choules wrote:
>  > "...to use a traditional VPN solution such as DNSSEC?..."
> DNSSEC is not a VPN service. It is regular, unencrypted DNS on port 53, 
> or whichever port you choose - see the manuals and KB articles for how 
> to configure non-standard ports. DNSSEC adds extra records to provide 
> checks that answers are genuine.

Oops, typo, I meant IPSEC.



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


------------------------------

Message: 4
Date: Thu, 17 Feb 2022 08:00:55 -0500
From: Timothe Litt <litt at acm.org>
To: bind-users at lists.isc.org
Subject: Re: ipv6 adoption (HE & DNSSEC)
Message-ID: <d0ffc87d-e92c-9c48-daed-1c95eef5d330 at acm.org>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

On 17-Feb-22 04:06, G.W. Haywood wrote:
> Hi Grant,
>
> On Thu, 17 Feb 2022, Grant Taylor wrote:
>
>> Please clarify if you are talking about DNSSEC for your own zone that 
>> they are doing secondary transfers of or if you are talking about 
>> DNSSEC for the IPv6's reverse DNS namespace that they delegate to you.
>
> Ah, good point Grant.
>
> The reverse zones are delegated to us but they aren't signed.
>
Yes, the issue with HE is that while they will delegate reverse zones to 
you, they don't accept DS records. So you can sign your zones, but 
there is no signature chain to the root.

Before ISC retired DLV, it was possible to use that path - and I did. 
But unfortunately that ship has sailed.

dnsviz shows that HE hasn't signed its reverse zone. That would be a 
prerequisite to DNSSEC for zones it delegates to customers, as would be 
a mechanism for submitting DS records to HE.

The issue has been open for (almost) 12 years. I haven't seen any 
updates from HE since the incoherent reply in the thread at 
https://forums.he.net/index.php?topic=890.msg22055#msg22055

It's rather difficult to exert pressure on a vendor that's providing a 
free service. But enough polite requests might help.

Perhaps further discussion of this belongs elsewhere...it seems to be 
wandering from BIND.

Timothe Litt
ACM Distinguished Engineer
--------------------------
This communication may not represent the ACM or my employer's views,
if any, on the matters discussed.


------------------------------

Message: 5
Date: Thu, 17 Feb 2022 15:07:47 +0100
From: Jakob Bohm <jb-bindusers at wisemo.com>
To: bind-users at lists.isc.org
Subject: Re: Windows 9.16.25 fails to start (1067 Terminated
	unexpectedly)
Message-ID: <70aa6554-08bc-f4de-1a43-f282b8349347 at wisemo.com>
Content-Type: text/plain; charset="utf-8"; Format="flowed"

On 2022-02-12 01:06, Richard T.A. Neal wrote:

> I run BIND on Windows as well but I've been unable to upgrade to 9.16.25 -
> I get an error stating "Error Validating Account. Unable to install service
> using this account.". So I'm presently running 9.16.21.
>
> What are the last few things in the Application Event Log (Source: named)
> before it terminates?
>
> Richard.
>
> -----Original Message-----
> From: bind-users<bind-users-bounces at lists.isc.org>  On Behalf Of Jakob
> Bohm via bind-users
> Sent: 11 February 2022 12:19 pm
> To: bind-users<bind-users at lists.isc.org>
> Subject: Windows 9.16.25 fails to start (1067 Terminated unexpectedly)
>
> Dear list,
>
> When recently trying to upgrade some secondary-only authoritative servers
> running on Windows machines, I found that Bind 9.16.25 (x86_64) binaries
> from isc.org failed to completely startup, causing Windows to report that
> "1067 The process terminated unexpectedly.", with 0 process exit code.
> Attempting to up the debug level all the way to "-d 100"
> failed to log a reason, but downgrading to the 9.16.21 binaries resumed
> operation.
>
> Is there a known issue and workaround for this, or is there any additional
> information to extract?
>
> <snip>
The latest in the log (I directed it to a file, as the Event Viewer 
wrapping in the port was badly done) were the mentioned fetch of ./NS 
etc. interspersed with zone loading messages for default zones (I 
temporarily commented out the real zones to shorten the config, but it 
still failed).

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded


------------------------------


End of bind-users Digest, Vol 3907, Issue 4
*******************************************
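
The wildcard behaviour discussed in the quoted "Using Wildcards in Subdomain Records" reply, as an added example that is not part of the original thread or of BIND: a small model of RFC 4592 closest-encloser matching, run against the wildcard record and the listed-CNAME alternative. The zone contents, the MIXED_ZONE case and all function names are constructed for illustration.

```python
# Added illustration of RFC 4592 wildcard matching; all zone data is constructed.
WILDCARD_ZONE = {  # the "* IN A" approach from the thread, origin aa.example.com
    "*.aa.example.com.": ["192.168.1.5", "192.168.1.6", "192.168.1.7"],
}
EXPLICIT_ZONE = {  # the listed-CNAME alternative from the reply, origin example.com
    "wildcard.example.com.": ["192.0.2.1", "192.0.2.2", "192.0.2.3"],
    "bb.aa.example.com.": ["CNAME wildcard.example.com."],
    "cc.aa.example.com.": ["CNAME wildcard.example.com."],
}
# Hypothetical mix: wildcard kept, one real subdomain also listed explicitly.
MIXED_ZONE = {**WILDCARD_ZONE, "bb.aa.example.com.": ["192.168.1.5"]}


def norm(name):
    """Lowercase a domain name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def existing_nodes(records, origin):
    """Owner names and all of their ancestors exist in the name tree."""
    nodes = {norm(origin)}
    for owner in records:
        parts = norm(owner).split(".")
        nodes.update(".".join(parts[i:]) for i in range(len(parts)))
    return nodes


def resolve(records, origin, qname):
    """Return (status, rdata) for a lookup of qname within a single zone."""
    zone = {norm(k): v for k, v in records.items()}
    nodes = existing_nodes(records, origin)
    name = norm(qname)
    if name in zone:
        return ("exact", zone[name])
    if name in nodes:
        return ("nodata", [])  # empty non-terminal: the name exists, owns nothing
    parts = name.split(".")
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if encloser in nodes:  # closest encloser = longest existing ancestor
            star = "*." + encloser
            return ("wildcard", zone[star]) if star in zone else ("nxdomain", [])
    return ("nxdomain", [])


if __name__ == "__main__":
    for label, zone, origin in (("wildcard", WILDCARD_ZONE, "aa.example.com."),
                                ("explicit", EXPLICIT_ZONE, "example.com."),
                                ("mixed", MIXED_ZONE, "aa.example.com.")):
        for q in ("bb.aa.example.com.", "xx.bb.aa.example.com.", "zz.aa.example.com."):
            print(label, q, resolve(zone, origin, q))
```

In the mixed case an explicitly listed name becomes the closest encloser for everything beneath it, so the wildcard one level up no longer answers for xx.bb.aa.example.com.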


