Wildcard hosts
Chris Buxton
cbuxton at menandmice.com
Sat Aug 26 02:25:19 UTC 2006
On Aug 25, 2006, at 6:48 PM, Barry Margolin wrote:
> In article <ecnvbu$c4c$1 at sf1.isc.org>, "AF" <af.at.work at gmail.com>
> wrote:
>
>> I was wondering if someone would mind highlighting any 'issues' with
>> using wildcard hosts.
>>
>> ie: *.mydomain.com
>
> The most common problem is that it prevents getting proper name lookup
> errors from applications that automatically append the local domain
> name. E.g. if you try to look up gooogle.com (let's pretend this
> doesn't exist), and when the application gets an error from DNS it
> retries this as gooogle.com.mydomain.com, this will return a result
> because of the wildcard. So the user never gets told that he
> misspelled
> google.com.
>
> Things are even worse for applications and libraries that append the
> default domain BEFORE trying the name as given. Then even if you type
> google.com correctly, it will look up google.com.mydomain.com, and
> return the address from the wildcard rather than the correct
> address of
> google.com. And unfortunately, there are still quite a few
> applications
> that work like this (Windows NSLOOKUP seems to be one of them).
It also causes problems for a well-known browser behavior of
prepending "www." and appending ".com" to any single-label domain
entered as a hostname, but only if the name doesn't look up by itself
first. (IE doesn't do this, but most other browsers do, starting with
Netscape 1.something).
Given the hostname input "foo" and the searchlist "example.com", the
order of queries is (with most current stub resolvers):
"foo.example.com"
"foo"
"www.foo.com"
Well, foo.example.com will return a positive ansewer if *.example.com
exists and owns an A record.
BTW: Windows nslookup bypasses the stub resolver, instead imitating
the behavior of really old stub resolvers (using the search list
first). That's why it's different (and bad). I don't know of any
other examples - not saying you're wrong, Barry, I'm just not
familiar with the examples.
Chris Buxton
Men & Mice
More information about the bind-users
mailing list