BIND 9.2 and Wildcards (MYSTERIOUS!)

Edward Lewis edlewis at arin.net
Tue Aug 31 21:11:12 UTC 2004


At 15:33 -0500 8/31/04, Peter John Hartman wrote:
>You've got it, but how do I resolve this problem?

By doing what you're doing. ;)  You have to repeat the wild card 
record everywhere you create a "shadow."

>We have some legacy sites which need to go to an old server, so our 
>zone file looks like this:
>
>yellowcreek.in.us       A       199.8.232.8
>                         IN      MX      0       MX1.MENNONITE.NET.
>                         IN      MX      10      MX2.MENNONITE.NET.
>www.yellowcreek.in.us   A       199.8.232.8
>                         IN      MX      0       MX1.MENNONITE.NET.
>                         IN      MX      10      MX2.MENNONITE.NET.
>*.mennonite.net.    14400   IN  A   199.8.232.35

So - you'd need *.in.us, *.us, and *.yellowcreek.in.us if you want to 
cover all other names.   (The latter only if you're worried about 
smtp.yellowcreek.in.us)

It's a pain - but it's not BIND's problem, it's the way DNS was 
defined years ago.  Compounding this is that the original wording has 
confused a generation of DNS server writers - there has been 
off-and-on a draft that clears this up.

(The off-and-on part is my fault.  I'm supposed to work on that.)

>Was this just a loophole in older BIND that BIND 9 fixed?

Maybe.  Wild cards are really confusing, especially to DNS (not just 
BIND) developers.  I know there's been a flip-flop on how empty 
non-terminals from version to version.  Mark Andrews (on this list) 
can give you a much better answer regarding this in BIND.  He's the 
(human) authoritative server on this. ;)

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

"I can't go to Miami.  I'm expecting calls from telemarketers." -
Grandpa Simpson.
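
The shadowing rule described in the message above, as an added Python example that is not part of the original post: a wildcard is only consulted at the closest existing ancestor of the query name, and empty non-terminals count as existing. The zone data is constructed from the quoted zone file, assuming its relative names expand under mennonite.net; the function names are hypothetical.

```python
# Added illustration (not from the original post): the closest-encloser rule
# that decides when a DNS wildcard applies (RFC 1034 section 4.3.3, RFC 4592).
ORIGIN = "mennonite.net."

# Constructed zone: the owner names from the quoted zone file, with relative
# names assumed to expand under ORIGIN.
ZONE = {
    "yellowcreek.in.us.mennonite.net.": "199.8.232.8",
    "www.yellowcreek.in.us.mennonite.net.": "199.8.232.8",
    "*.mennonite.net.": "199.8.232.35",
}

def ancestors(name, origin=ORIGIN):
    """Yield name, then each parent, stopping at the zone origin."""
    while name.endswith("." + origin) or name == origin:
        yield name
        if name == origin:
            return
        name = name.split(".", 1)[1]

def existing_nodes(zone, origin=ORIGIN):
    """Owner names plus all their ancestors. Ancestors that own no records
    (us, in.us here) are empty non-terminals, and they still exist."""
    return {node for owner in zone for node in ancestors(owner, origin)} | {origin}

def lookup(zone, qname, origin=ORIGIN):
    """Return (result, name): result is exact, nodata, wildcard or nxdomain."""
    qname = qname.lower()
    nodes = existing_nodes(zone, origin)
    if qname in zone:
        return ("exact", qname)
    if qname in nodes:
        return ("nodata", qname)   # empty non-terminal: no wildcard synthesis
    for encloser in ancestors(qname, origin):
        if encloser in nodes:      # closest existing ancestor of qname
            wild = "*." + encloser
            return ("wildcard", wild) if wild in zone else ("nxdomain", encloser)
    return ("nxdomain", None)      # not under this zone's origin
```

For an nxdomain result, the second element is the closest encloser, which is the node where a wildcard record would have to be added to cover the query name.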

