Wildcard hosts

Chris Buxton cbuxton at menandmice.com
Sat Aug 26 02:25:19 UTC 2006 

On Aug 25, 2006, at 6:48 PM, Barry Margolin wrote:

> In article <ecnvbu$c4c$1 at sf1.isc.org>, "AF" <af.at.work at gmail.com>
> wrote:
>
>> I was wondering if someone would mind highlighting any 'issues' with
>> using wildcard hosts.
>>
>> ie: *.mydomain.com
>
> The most common problem is that it prevents getting proper name lookup
> errors from applications that automatically append the local domain
> name.  E.g. if you try to look up gooogle.com (let's pretend this
> doesn't exist), and when the application gets an error from DNS it
> retries this as gooogle.com.mydomain.com, this will return a result
> because of the wildcard.  So the user never gets told that he  
> misspelled
> google.com.
>
> Things are even worse for applications and libraries that append the
> default domain BEFORE trying the name as given.  Then even if you type
> google.com correctly, it will look up google.com.mydomain.com, and
> return the address from the wildcard rather than the correct  
> address of
> google.com.  And unfortunately, there are still quite a few  
> applications
> that work like this (Windows NSLOOKUP seems to be one of them).

It also causes problems for a well-known browser behavior of  
prepending "www." and appending ".com" to any single-label domain  
entered as a hostname, but only if the name doesn't look up by itself  
first. (IE doesn't do this, but most other browsers do, starting with  
Netscape 1.something).

Given the hostname input "foo" and the searchlist "example.com", the  
order of queries is (with most current stub resolvers):

"foo.example.com"
"foo"
"www.foo.com"

Well, foo.example.com will return a positive ansewer if *.example.com  
exists and owns an A record.

BTW: Windows nslookup bypasses the stub resolver, instead imitating  
the behavior of really old stub resolvers (using the search list  
first). That's why it's different (and bad). I don't know of any  
other examples - not saying you're wrong, Barry, I'm just not  
familiar with the examples.

Chris Buxton
Men & Mice

More information about the bind-users mailing list