wildcard and subdomain wildcard leaves a gap
Phil Howard
phil-nsd-users at ipal.net
Wed Jan 28 07:31:26 UTC 2004
I've been using wildcards in one of my domains for a while, and recently
even added a TXT record for SPF as a wildcard:
For ham.org:
* 12h IN A 209.102.192.73
* 12h IN AAAA ::FFFF:209.102.192.73
* 12h IN TXT "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"
This works just fine. Today I tried something different to see how it would
behave. The behaviour I saw was not quite what I expected and seems a little
inconsistent. I added the following records:
*.foo 2h IN A 209.102.192.64
*.foo 2h IN AAAA ::FFFF:209.102.192.64
*.foo 2h IN MX 0 .
*.foo 2h IN TXT "v=spf1 -all"
*.spf 1h IN A 209.102.192.74
*.spf 1h IN AAAA ::FFFF:209.102.192.74
*.spf 1h IN MX 0 .
*.spf 1h IN TXT "v=spf1 -all"
When I query xyzzy.foo.ham.org I get the A and AAAA records just fine as
expected:
;; ANSWER SECTION:
xyzzy.foo.ham.org. 7200 IN A 209.102.192.64
xyzzy.foo.ham.org. 7200 IN TXT "v=spf1 -all"
xyzzy.foo.ham.org. 7200 IN MX 0 .
xyzzy.foo.ham.org. 7200 IN AAAA ::ffff:209.102.192.64
However, when I query just foo.ham.org I get nothing. The *.foo stuff
does not match (I didn't expect it to), but the * stuff does not match,
either (I expected that if it would not match *.foo it would at least
fall back to match *).
Can someone tell me if this is the RFC specified behaviour (it seems odd
that it would match neither) or if this is a bug in NSD? Why should the
existence of *.foo affect a lookup of foo without providing its data?
In case something else I put in the zone file is the culprit, here is a
URL to access the whole zone file as input to zonec:
http://ham.org/ham.org.zone.txt
Here are digs I did to check on this:
=============================================================================
phil at vega:/home/phil 388> dig +norec @209.102.192.74 foo.ham.org. any
; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 foo.ham.org. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31827
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.ham.org. IN ANY
;; AUTHORITY SECTION:
ham.org. 43200 IN SOA ns0.ipal.net. hostmaster.ipal.net. 268818491 10800 1800 864000 43200
;; Query time: 2 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:18:52 2004
;; MSG SIZE rcvd: 88
phil at vega:/home/phil 389> dig +norec @209.102.192.74 xyzzy.foo.ham.org. any
; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 xyzzy.foo.ham.org. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9916
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;xyzzy.foo.ham.org. IN ANY
;; ANSWER SECTION:
xyzzy.foo.ham.org. 7200 IN A 209.102.192.64
xyzzy.foo.ham.org. 7200 IN TXT "v=spf1 -all"
xyzzy.foo.ham.org. 7200 IN MX 0 .
xyzzy.foo.ham.org. 7200 IN AAAA ::ffff:209.102.192.64
;; AUTHORITY SECTION:
ham.org. 43200 IN NS ns0.ipal.org.
ham.org. 43200 IN NS ns1.ipal.org.
ham.org. 43200 IN NS ns2.ipal.org.
ham.org. 43200 IN NS ns3.ipal.org.
ham.org. 43200 IN NS ns4.ipal.org.
ham.org. 43200 IN NS ns5.ipal.org.
ham.org. 43200 IN NS ns6.ipal.org.
;; Query time: 4 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:19:26 2004
;; MSG SIZE rcvd: 249
phil at vega:/home/phil 390> dig +norec @209.102.192.74 xyzzy.ham.org. any
; <<>> DiG 9.2.3 <<>> +norec @209.102.192.74 xyzzy.ham.org. any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39109
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;xyzzy.ham.org. IN ANY
;; ANSWER SECTION:
xyzzy.ham.org. 43200 IN A 209.102.192.73
xyzzy.ham.org. 43200 IN TXT "v=spf1 a mx ip4:209.102.192.64/27 ip4:209.102.208.16/28 ptr:ham.org -all"
xyzzy.ham.org. 43200 IN AAAA ::ffff:209.102.192.73
;; AUTHORITY SECTION:
ham.org. 43200 IN NS ns0.ipal.org.
ham.org. 43200 IN NS ns1.ipal.org.
ham.org. 43200 IN NS ns2.ipal.org.
ham.org. 43200 IN NS ns3.ipal.org.
ham.org. 43200 IN NS ns4.ipal.org.
ham.org. 43200 IN NS ns5.ipal.org.
ham.org. 43200 IN NS ns6.ipal.org.
;; Query time: 4 msec
;; SERVER: 209.102.192.74#53(209.102.192.74)
;; WHEN: Wed Jan 28 01:21:38 2004
;; MSG SIZE rcvd: 291
phil at vega:/home/phil 391>
=============================================================================
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
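
The dig results above are what the wildcard rules of RFC 1034 section 4.3.3 (clarified in RFC 4592) produce: *.foo makes foo.ham.org. exist as an empty non-terminal, so the zone-level * no longer applies to it. The following is an added example, not part of the original post and not NSD code; it uses only the records quoted in the post, and lookup() and wildcard_gaps() are hypothetical helper names.

```python
# Added example, not NSD code. Zone data is the subset of ham.org records
# quoted in the post; lookup() and wildcard_gaps() are hypothetical helpers.
# Assumption: query names are fully qualified and inside the zone.
ORIGIN = "ham.org."
ZONE = {
    "ham.org.": {"SOA", "NS"},
    "*.ham.org.": {"A", "AAAA", "TXT"},
    "*.foo.ham.org.": {"A", "AAAA", "MX", "TXT"},
    "*.spf.ham.org.": {"A", "AAAA", "MX", "TXT"},
}

def ancestors(name):
    """Yield name, then each parent, stopping at the zone origin."""
    while name == ORIGIN or name.endswith("." + ORIGIN):
        yield name
        if name == ORIGIN:
            return
        name = name.split(".", 1)[1]

def existing_names(zone):
    """A name exists if it owns records OR has a descendant that does
    (an empty non-terminal, e.g. foo.ham.org. because of *.foo.ham.org.)."""
    return {anc for owner in zone for anc in ancestors(owner)}

def lookup(zone, qname):
    """Return (rcode, owner the answer came from, RR types in the answer)."""
    qname = qname.lower()
    exists = existing_names(zone)
    if qname in exists:
        # Exact match, possibly an empty non-terminal: wildcards never apply.
        return ("NOERROR", qname, zone.get(qname, set()))
    for anc in list(ancestors(qname))[1:]:
        if anc in exists:  # closest encloser: only its own "*" child may match
            source = "*." + anc
            if source in zone:
                return ("NOERROR", source, zone[source])
            break
    return ("NXDOMAIN", None, set())

def wildcard_gaps(zone):
    """Existing names with no records: no wildcard (so no wildcard SPF) covers them."""
    return sorted(n for n in existing_names(zone) if n not in zone)
```

Each name returned by wildcard_gaps() answers NOERROR with an empty answer section, so a policy published only through wildcards (such as the SPF TXT records here) does not reach it; explicit records at that name close the gap.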