Quick question from a newbie
Kevin Darcy
kcd at daimlerchrysler.com
Mon Jan 23 23:26:45 UTC 2006
binderright at googlemail.com wrote:
>Hi guys - here's the thing: I'm good at programming, but I know nothing
>about bind and dns and I'm on a tight deadline. Any help would be
>appreciated.
>
>I need any host from my domain name to point at a single site, except
>for mail. Right now only www.mydomain.com goes there. But I need any
>host to go there, meaning that xyz.mydomain.com and
>www.mydomain.com and whatever.mydomain.com should all point at the same
>site.
>
>So basically I know I need a wildcard but I don't know how. My host
>file looks like this (I changed the names and ips, but the file is
>identical):
>
>mydomain.com. IN SOA ns1.nameserver.net. administrator.mydomain.com. (
> 7894112207
> 3600
> 600
> 86400
> 3600 )
>mydomain.com. IN NS ns1.nameserver.net.
>mail.mydomain.com. IN A 218.221.789.900
>mydomain.com. IN MX 10 mail.mydomain.com.
>mydomain.com. IN A 458.465.45.12
>ftp.mydomain.com. IN A 458.465.45.12
>intranet.mydomain.com. IN A 458.465.45.12
>www.mydomain.com. IN A 458.465.45.12
>
>
>Is it ok if I add *.mydomain.com. IN A 458.465.45.12 at the end of the
>file? Would it do the trick?
>
Well, you could *try* that, but you should be aware that wildcards can
be tricky. Now all of a sudden *every* name under the domain resolves
from an A-record query, and that can break some apps. Also, even
non-A-record queries will change behavior, since DNS has a concept of
matching a name, but not the query type, so even a query of type, say,
MX, of random-name-here.mydomain.com, will start responding differently
than it did before ("no records of requested type" instead of "no such
name", since the wildcard name was matched, technically). This behavior
change can also break some apps, including older mail software. Other
complications ensue if you want to implement subdomains and/or subzones
and/or names with "*" embedded in them. The IETF is working to clarify
all of this, since implementations haven't been consistent in the past.
See
http://www.ietf.org/internet-drafts/draft-ietf-dnsext-wcard-clarify-10.txt
(ignore all of the DNSSEC stuff if, like most of us, you don't plan on
implementing DNSSEC anytime soon).
So, bottom line is, it'll probably do what you want, but be very careful
if you want to do this, and test thoroughly before production
implementation.
- Kevin
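
The response changes described in the reply above, as an added example that is not part of the original message and not BIND's code: a simplified Python model of wildcard matching by closest existing ancestor (the rule clarified in RFC 4592), run against the zone from the post with and without the proposed wildcard. The addresses are constructed documentation-range stand-ins for the altered ones in the post, and `resolve` and `existing_names` are hypothetical helper names.

```python
ZONE = "mydomain.com."
WEB, MAIL = "192.0.2.12", "192.0.2.25"  # constructed stand-ins for the post's addresses

# Zone contents from the post, as owner -> {type: [rdata]}.
BASE = {
    "mydomain.com.": {"NS": ["ns1.nameserver.net."],
                      "MX": ["10 mail.mydomain.com."], "A": [WEB]},
    "mail.mydomain.com.": {"A": [MAIL]},
    "ftp.mydomain.com.": {"A": [WEB]},
    "intranet.mydomain.com.": {"A": [WEB]},
    "www.mydomain.com.": {"A": [WEB]},
}
# The same zone with the proposed wildcard record appended.
WITH_WILDCARD = {**BASE, "*.mydomain.com.": {"A": [WEB]}}


def existing_names(records):
    """Every owner name plus its ancestors up to the zone apex."""
    names = set()
    for owner in records:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels) - 1):
            name = ".".join(labels[i:]) + "."
            if name == ZONE or name.endswith("." + ZONE):
                names.add(name)
    return names


def resolve(records, qname, qtype):
    """Return (rcode, rrset); NOERROR with an empty rrset is NODATA."""
    qname = qname.lower()
    if qname != ZONE and not qname.endswith("." + ZONE):
        return ("REFUSED", [])  # not in this zone
    exists = existing_names(records)
    if qname in exists:
        # The name exists: the wildcard is never consulted, whatever the type.
        return ("NOERROR", records.get(qname, {}).get(qtype, []))
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:]) + "."
        if encloser in exists:
            # Closest existing ancestor found; only "*.<encloser>" can match.
            source = records.get("*." + encloser)
            if source is None:
                return ("NXDOMAIN", [])
            return ("NOERROR", source.get(qtype, []))
    return ("NXDOMAIN", [])
```

In this model an MX query for an unlisted name moves from NXDOMAIN to an empty NOERROR answer once the wildcard is present, while `mail.mydomain.com.` keeps its own A record and a name below it, such as `x.mail.mydomain.com.`, is still NXDOMAIN because the wildcard only covers names whose closest existing ancestor is the apex.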