wildcard and subdomain wildcard leaves a gap
erik at NLnetLabs.nl
Wed Jan 28 08:28:14 UTC 2004
Phil Howard wrote:
> I've been using wildcards in one of my domains for a while, and recently
> even added a TXT record for SPF as a wildcard:
> For ham.org:
> * 12h IN A 126.96.36.199
> * 12h IN AAAA ::FFFF:188.8.131.52
> * 12h IN TXT "v=spf1 a mx ip4:184.108.40.206/27 ip4:220.127.116.11/28 ptr:ham.org -all"
> *.foo 2h IN A 18.104.22.168
> *.foo 2h IN AAAA ::FFFF:22.214.171.124
> *.foo 2h IN MX 0 .
> *.foo 2h IN TXT "v=spf1 -all"
> *.spf 1h IN A 126.96.36.199
> *.spf 1h IN AAAA ::FFFF:188.8.131.52
> *.spf 1h IN MX 0 .
> *.spf 1h IN TXT "v=spf1 -all"
> However, when I query just foo.ham.org I get nothing. The *.foo stuff
> does not match (I didn't expect it to), but the * stuff does not match,
> either (I expected that if it would not match *.foo it would at least
> fall back to match *).
This is expected behavior. When you define *.foo you also implicitly
define foo (as an empty non-terminal). This will match a query to
foo.ham.org but will not have any data to match with so you get an empty
The same kind of stuff happens when you define:
* IN TXT "wildcard text"
foo IN A 127.0.0.1
A query for <foo, IN, TXT> will _not_ match the wildcard text record.
You'll get a "no TXT record at foo" error instead.
This is all explained pretty well in the wildcard clarify draft document,
which the NSD algorithm is based on. You can find the document at
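
The lookup behaviour described in this reply, as an added example that is not part of the original message and is not NSD's code: a minimal closest-encloser wildcard match over a constructed zone. It shows that `foo.ham.org` (an empty non-terminal) and an explicit name without a TXT record both fall outside the wildcard SPF records. The addresses, the shortened SPF strings and the `bar` and `baz` names are assumptions.

```python
# Added example: wildcard lookup by closest encloser (RFC 1034 4.3.2, RFC 4592).
# Constructed zone data; addresses are documentation-range placeholders.
ORIGIN = "ham.org"
ZONE = {  # owner name -> {record type: rdata}
    "ham.org": {"SOA": "constructed"},
    "*.ham.org": {"A": "192.0.2.1", "TXT": "v=spf1 a mx -all"},
    "*.foo.ham.org": {"A": "192.0.2.2", "TXT": "v=spf1 -all"},
    "bar.ham.org": {"A": "127.0.0.1"},  # hypothetical explicit name
}


def exists(zone, name):
    """True if name owns records or is an ancestor of an owner name.

    The second case is an empty non-terminal: "*.foo.ham.org" makes
    "foo.ham.org" exist even though it holds no data.
    """
    return any(o == name or o.endswith("." + name) for o in zone)


def lookup(zone, origin, qname, qtype):
    """Return (status, rdata) the way an authoritative server would answer."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", None)  # not in this zone
    if exists(zone, qname):
        # Exact match (possibly an empty non-terminal): wildcards never apply.
        rdata = zone.get(qname, {}).get(qtype)
        return ("NOERROR", rdata) if rdata else ("NODATA", None)
    # Closest encloser = longest existing ancestor; the origin always exists.
    parts = qname.split(".")
    encloser = next(
        ".".join(parts[i:]) for i in range(1, len(parts))
        if exists(zone, ".".join(parts[i:]))
    )
    # Only the wildcard directly below the closest encloser is considered.
    wild = zone.get("*." + encloser)
    if wild is None:
        return ("NXDOMAIN", None)
    rdata = wild.get(qtype)
    return ("NOERROR", rdata) if rdata else ("NODATA", None)


if __name__ == "__main__":
    for q in [("foo.ham.org", "TXT"), ("x.foo.ham.org", "TXT"),
              ("baz.ham.org", "TXT"), ("bar.ham.org", "TXT"),
              ("x.bar.ham.org", "A")]:
        print(q, lookup(ZONE, ORIGIN, *q))
```

Adding explicit records at `foo` itself (for example its own TXT) is what closes the gap, since no wildcard can answer for a name that already exists.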