wildcard and subdomain wildcard leaves a gap

Phil Howard phil-nsd-users at ipal.net
Wed Jan 28 07:31:26 UTC 2004


I've been using wildcards in one of my domains for a while, and recently
even added a TXT record for SPF as a wildcard:

For ham.org:

* 12h IN A 209.102.192.73
* 12h IN AAAA ::FFFF:209.102.192.73
* 12h IN TXT "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"

This works just fine.  Today I tried something different to see how it would
behave.  The behaviour I saw was not quite what I expected and seems a little
inconsistent.  I added the following records:

*.foo 2h IN A 209.102.192.64
*.foo 2h IN AAAA ::FFFF:209.102.192.64
*.foo 2h IN MX 0 .
*.foo 2h IN TXT "v=spf1 -all"
*.spf 1h IN A 209.102.192.74
*.spf 1h IN AAAA ::FFFF:209.102.192.74
*.spf 1h IN MX 0 .
*.spf 1h IN TXT "v=spf1 -all"

When I query xyzzy.foo.ham.org I get the A and AAAA records just fine as
expected:

;; ANSWER SECTION:
xyzzy.foo.ham.org.      7200    IN      A       209.102.192.64
xyzzy.foo.ham.org.      7200    IN      TXT     "v=spf1 -all"
xyzzy.foo.ham.org.      7200    IN      MX      0 .
xyzzy.foo.ham.org.      7200    IN      AAAA    ::ffff:209.102.192.64

However, when I query just foo.ham.org I get nothing.  The *.foo stuff
does not match (I didn't expect it to), but the * stuff does not match,
either (I expected that if it would not match *.foo it would at least
fall back to match *).

Can someone tell me if this is the RFC specified behaviour (it seems odd
that it would match neither) or if this is a bug in NSD?  Why should the
existence of *.foo affect a lookup of foo without providing its data?

In case something else I put in the zone file is the culprit, here is a
URL to access the whole zone file as input to zonec:
    http://ham.org/ham.org.zone.txt

Here are digs I did to check on this:

=============================================================================
phil at vega:/home/phil 388> dig +norec @209.102.192.74 foo.ham.org. any

; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 foo.ham.org. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31827
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;foo.ham.org.                   IN      ANY

;; AUTHORITY SECTION:
ham.org.                43200   IN      SOA     ns0.ipal.net. hostmaster.ipal.net. 268818491 10800 1800 864000 43200

;; Query time: 2 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:18:52 2004
;; MSG SIZE  rcvd: 88

phil at vega:/home/phil 389> dig +norec @209.102.192.74 xyzzy.foo.ham.org. any

; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 xyzzy.foo.ham.org. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9916
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;xyzzy.foo.ham.org.             IN      ANY

;; ANSWER SECTION:
xyzzy.foo.ham.org.      7200    IN      A       209.102.192.64
xyzzy.foo.ham.org.      7200    IN      TXT     "v=spf1 -all"
xyzzy.foo.ham.org.      7200    IN      MX      0 .
xyzzy.foo.ham.org.      7200    IN      AAAA    ::ffff:209.102.192.64

;; AUTHORITY SECTION:
ham.org.                43200   IN      NS      ns0.ipal.org.
ham.org.                43200   IN      NS      ns1.ipal.org.
ham.org.                43200   IN      NS      ns2.ipal.org.
ham.org.                43200   IN      NS      ns3.ipal.org.
ham.org.                43200   IN      NS      ns4.ipal.org.
ham.org.                43200   IN      NS      ns5.ipal.org.
ham.org.                43200   IN      NS      ns6.ipal.org.

;; Query time: 4 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:19:26 2004
;; MSG SIZE  rcvd: 249

phil at vega:/home/phil 390> dig +norec @209.102.192.74 xyzzy.ham.org. any

; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 xyzzy.ham.org. any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39109
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;xyzzy.ham.org.                 IN      ANY

;; ANSWER SECTION:
xyzzy.ham.org.          43200   IN      A       209.102.192.73
xyzzy.ham.org.          43200   IN      TXT     "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"
xyzzy.ham.org.          43200   IN      AAAA    ::ffff:209.102.192.73

;; AUTHORITY SECTION:
ham.org.                43200   IN      NS      ns0.ipal.org.
ham.org.                43200   IN      NS      ns1.ipal.org.
ham.org.                43200   IN      NS      ns2.ipal.org.
ham.org.                43200   IN      NS      ns3.ipal.org.
ham.org.                43200   IN      NS      ns4.ipal.org.
ham.org.                43200   IN      NS      ns5.ipal.org.
ham.org.                43200   IN      NS      ns6.ipal.org.

;; Query time: 4 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:21:38 2004
;; MSG SIZE  rcvd: 291

phil at vega:/home/phil 391>
=============================================================================

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
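
Added example, not part of the post above and not NSD's code: a simplified model of the RFC 1034 section 4.3.2 / RFC 4592 wildcard lookup, run over the records quoted in the post. Creating *.foo.ham.org makes foo.ham.org exist as an empty non-terminal, so a query for it is an exact match with no data and the apex wildcard (including its SPF TXT record) is never consulted. Function and variable names are hypothetical.

```python
# Added example: simplified RFC 1034 4.3.2 / RFC 4592 lookup (no delegations,
# CNAMEs or DNSSEC). Records are copied from the post; the code is hypothetical.
SPF = "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"
ZONE = {
    "ham.org": {"SOA": "ns0.ipal.net. hostmaster.ipal.net. 268818491 10800 1800 864000 43200"},
    "*.ham.org": {"A": "209.102.192.73", "AAAA": "::FFFF:209.102.192.73", "TXT": SPF},
    "*.foo.ham.org": {"A": "209.102.192.64", "AAAA": "::FFFF:209.102.192.64",
                      "MX": "0 .", "TXT": "v=spf1 -all"},
    "*.spf.ham.org": {"A": "209.102.192.74", "AAAA": "::FFFF:209.102.192.74",
                      "MX": "0 .", "TXT": "v=spf1 -all"},
}

def labels(name):
    """'foo.ham.org.' -> ('org', 'ham', 'foo'): root-first label tuple."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))

APEX = labels("ham.org")

def build_nodes(zone):
    """Each owner name exists, and so does every ancestor down to the apex.
    An ancestor that owns no records is an empty non-terminal."""
    nodes = {}
    for owner, rrsets in zone.items():
        key = labels(owner)
        nodes.setdefault(key, {}).update(rrsets)
        while len(key) > len(APEX):
            key = key[:-1]
            nodes.setdefault(key, {})
    return nodes

NODES = build_nodes(ZONE)

def lookup(qname, qtype, nodes=NODES):
    """Return (status, rdata). NODATA means rcode NOERROR with an empty answer."""
    q = labels(qname)
    if q[:len(APEX)] != APEX:
        return ("REFUSED", None)           # name is outside this zone
    node = nodes.get(q)                    # exact match, empty non-terminals included
    if node is None:
        enc = q
        while enc not in nodes:            # closest encloser: longest existing ancestor
            enc = enc[:-1]
        node = nodes.get(enc + ("*",))     # only the wildcard directly below it applies
        if node is None:
            return ("NXDOMAIN", None)
    return ("NOERROR", node[qtype]) if qtype in node else ("NODATA", None)

def empty_non_terminals(nodes=NODES):
    """Names that exist but own no records, so no wildcard ever covers them."""
    return sorted(".".join(reversed(k)) for k, rr in nodes.items() if not rr)
```

Each name returned by empty_non_terminals() needs its own explicit records (for example a TXT "v=spf1 -all") if it is meant to be covered by the same policy as the wildcards around it.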


