Wildcard DNS (pros and cons)
Bill Larson
bind9 at comcast.net
Mon Dec 13 17:14:48 UTC 2004
On Dec 13, 2004, at 9:57 AM, JimH at Nucleus.com wrote:
> Is there an ability to disallow wildcard DNS? Let's say I am being a
> secondary DNS server for a customer, and I don't want wildcard DNS
> capabilities, is there a config option to disallow it? The customers I had
> doing this had no idea what it was they were doing. It was made so they do
> not have to do any DNS changes. They had a website set up so that if their
> customer entered some info, they could create a webpage with
> <subdomain>.theirtld.com domain, and he did not want to do DNS for at all
> (taking the lazy man's approach)

If you are a slave for a domain, then I would argue that you are
accepting the authority of the information put into the master's zone
file, including wildcard resource records. If you can't agree with
their DNS management, then don't act as a slave for their DNS
information.

If you were to "disallow wildcard DNS", then your slave server would be
providing different DNS information than that provided by the master.
This would end up being an extremely awkward situation. There would
then be questions posted to this list asking "why don't I get an answer
when I type in "xyz.theirtld.com" and then when I do it again I do get
an answer?". Your suggestion would be making more work for all of us.

The resources necessary on a DNS server to support wildcard resource
records are minimal. Why would you feel that it is necessary to
disallow this capability?

Bill Larson
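
Added example, not part of the message above and not BIND code: a secondary operator who wants to know which wildcard records a customer's master publishes, before agreeing to serve the zone, can audit a text copy of it. The zone contents, the `find_wildcards` name and the simplified master-file parsing (no `$INCLUDE`, no `;` inside quoted rdata) are assumptions made for illustration.

```python
import re

# Constructed sample zone in master-file format (not taken from the thread).
SAMPLE_ZONE = """\
$ORIGIN theirtld.com.
$TTL 3600
@       IN SOA ns1.theirtld.com. hostmaster.theirtld.com. (
            2004121301 3600 900 604800 3600 )
        IN NS  ns1.theirtld.com.
www     IN A   192.0.2.10
*       IN A   192.0.2.20
        IN MX  10 mail.theirtld.com. ; blank owner: inherits '*' from the line above
*.dev   300 IN CNAME www
mail    IN A   192.0.2.30
"""

TTL_OR_CLASS = re.compile(r"(\d+[smhdw]?)+|IN|CH|HS", re.IGNORECASE)

def find_wildcards(zone_text):
    """Return sorted (owner, rrtype) pairs for records whose owner starts with '*.'."""
    origin, owner, depth, found = ".", None, 0, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments (assumes no ';' in quoted rdata)
        if not line.strip():
            continue
        continuation = depth > 0             # inside a parenthesised multi-line record
        depth += line.count("(") - line.count(")")
        tokens = line.replace("(", " ").replace(")", " ").split()
        if continuation or not tokens:
            continue
        if tokens[0].startswith("$"):        # directives: only $ORIGIN matters for this check
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()   # assumed to be given as an absolute name
            continue
        if not line[0].isspace():            # owner field present, otherwise reuse the last one
            name = tokens.pop(0).lower()
            if name == "@":
                name = origin
            owner = name if name.endswith(".") else name + "." + origin.lstrip(".")
        while tokens and TTL_OR_CLASS.fullmatch(tokens[0]):
            tokens.pop(0)                    # skip optional TTL and class before the type
        if tokens and owner and owner.startswith("*."):
            found.add((owner, tokens[0].upper()))
    return sorted(found)

if __name__ == "__main__":
    for owner, rrtype in find_wildcards(SAMPLE_ZONE):
        print(f"{owner:<24} {rrtype}")
```

The MX line with a blank owner field is reported as a wildcard record too, because it inherits `*` from the preceding line; a search for lines beginning with `*` would miss it.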