Wildcard DNS (pros and cons)

Bill Larson bind9 at comcast.net
Mon Dec 13 17:14:48 UTC 2004

On Dec 13, 2004, at 9:57 AM, JimH at Nucleus.com wrote:

> Is there an ability to disallow wildcard DNS?  Let's say I am being a
> secondary DNS server for a customer, and I don't want wildcard DNS
> capabilities, is there a config option to disallow it?   The customers I had
> doing this had no idea what it was they were doing.  It was made so they do
> not have to do any DNS changes.  They had a website set up so that if their
> customer entered some info, they could create a webpage with
> <subdomain>.theirtld.com domain, and he did not want to do DNS for at all
> (taking the lazy man's approach)

If you are a slave for a domain, then I would argue that you are 
accepting the authority of the information put into the master's zone 
file, including wildcard resource records.  If you can't agree with 
their DNS management, then don't act as a slave for their DNS.

If you were to "disallow wildcard DNS", then your slave server would be 
providing different DNS information than that provided by the master.  
This would end up being an extremely awkward situation.  There would 
then be questions posted to this list asking "why don't I get an answer 
when I type in "xyz.theirtld.com" and then when I do it again I do get 
an answer?".  Your suggestion would be making more work for all of us.

The resources necessary on a DNS server to support wildcard resource 
records are minimal.  Why would you feel that it is necessary to 
disallow this capability?

Bill Larson
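
An added example, not part of the original message: a small model of wildcard synthesis for A records, showing the master/slave disagreement the reply describes if a slave were to drop wildcard records. The zone contents, the addresses and the `strip_wildcards` filter are constructed and hypothetical; only the `theirtld.com` placeholder name comes from the thread.

```python
# Added illustration: A-record lookups only; zone data below is constructed.
ORIGIN = "theirtld.com"
MASTER = {
    "theirtld.com": "192.0.2.1",
    "www.theirtld.com": "192.0.2.2",
    "*.theirtld.com": "192.0.2.80",   # the customer's wildcard record
}

def existing_names(zone):
    """Every name that exists in the zone, including empty non-terminals."""
    names = set()
    depth = len(ORIGIN.split("."))
    for owner in zone:
        labels = owner.split(".")
        for i in range(len(labels) - depth + 1):
            names.add(".".join(labels[i:]))
    return names

def lookup(zone, qname):
    """Answer a query the way an authoritative server would (RFC 4592 rules)."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        return zone[qname]                 # exact match always wins
    exists = existing_names(zone)
    if qname in exists:
        return "NODATA"                    # empty non-terminal: no synthesis
    encloser = qname
    while encloser not in exists:          # walk up to the closest encloser
        if "." not in encloser:
            return "NXDOMAIN"              # not under this zone at all
        encloser = encloser.split(".", 1)[1]
    # Only a wildcard directly below the closest encloser may synthesise.
    return zone.get("*." + encloser, "NXDOMAIN")

def strip_wildcards(zone):
    """Hypothetical slave-side filter: drop every wildcard owner name."""
    return {o: a for o, a in zone.items() if not o.startswith("*.")}

def mismatches(master, slave, qnames):
    """Names for which the two servers would hand out different answers."""
    return [(q, lookup(master, q), lookup(slave, q))
            for q in qnames if lookup(master, q) != lookup(slave, q)]

SLAVE = strip_wildcards(MASTER)

if __name__ == "__main__":
    probes = ["www.theirtld.com", "xyz.theirtld.com", "a.b.theirtld.com", "a.www.theirtld.com"]
    for q, m, s in mismatches(MASTER, SLAVE, probes):
        print(f"{q}: master={m} slave={s}")
```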
