Wildcard DNS (pros and cons)

Kevin Darcy kcd at daimlerchrysler.com
Tue Dec 14 01:23:29 UTC 2004

Edward Buck wrote:

>Hash: SHA1
>Jonathan de Boyne Pollard wrote:
>| EB> IMO, dns entries should not be ambiguous.
>| There's nothing inherently *ambiguous* about wildcards or the resource
>| record sets that are synthesized from them.  Wildcards are just one form
>| of server-side aliases.  (They alias together all of the
>| not-otherwise-explicitly specified labels.)  That doesn't cause
>| ambiguity, per se.
>I agree that there's nothing inherently ambiguous about wildcard
>entries.  But when the wildcard entry is abused and it becomes unclear
>whether the subdomain in question is valid or not, intended or not, then
>there is ambiguity.  I pick on wildcards here but it's not just about
>dns wildcards.  The smtp protocol is full of ambiguity, precipitating
>the need for sender verification protocols like SPF or DomainKeys.
I think you need to revisit the definition of the term "ambiguity". 
There's nothing "ambiguous" about the source address of a connecting 
SMTP client. What SPF and DomainKeys attempt to address is the 
*authority* of that client to be sending SMTP messages for a specific 
mail domain.

- Kevin

More information about the bind-users mailing list