TLD wildcard doesn't always work
Chris Michels
Chris.Michels at NAU.EDU
Wed Jul 19 23:27:50 UTC 2006
I did some further investigation.
First I need to say that my zone file list in the previous message is
not complete. I have about 13 A records and 11 PTR records in addition
to the wildcard I had listed before. If I remove all the additional A
records and PTR records the wildcard works fine.
With the wildcard and the additional records it won't resolve (via the
wildcard) any .edu name that I can find. So I added another wildcard like:
*.edu IN A 1.2.3.4
Now it will resolve all .edu names but it won't resolve just 'edu'.
I really don't understand what is going on here.
Here is the query of edu after adding the *.edu wildcard Notice that it
is not a NXDOMAIN response.
dig @localhost edu
; <<>> DiG 9.2.4 <<>> @localhost edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55847
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;edu. IN A
;; AUTHORITY SECTION:
. 30 IN SOA garnet.ucc.nau.edu.
cvm.jan.ucc.nau.edu. 1000001 1800 900 30 30
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Wed Jul 19 16:27:16 2006
;; MSG SIZE rcvd: 79
Chris Michels wrote:
> I have been running a DNS server with a top level domain wildcard for
> many years now. It worked fine until I tried to upgrade from BIND 9.2.1
> to BIND 9.3.1 or 9.3.2. Under the 9.3.x versions named returns
> NXDOMAIN for some domains. It looks to me NXDOMAIN is returned for
> anything in the edu domain. Everything else works fine. Any ideas what
> is going on here?
>
> My zone file looks like this:
>
> $TTL 30
> ;
> ; zone .
> ; Bogus root zone for redirecting web requests on some 10.x.0.0 networks
> ;
> @ IN SOA garnet.ucc.nau.edu. bogus.nau.edu. 1000001 1800
> 900 30 30
> IN NS garnet.ucc.nau.edu
> $ORIGIN .
> ;
> ; Default location to send people
> * IN A 1.2.3.4
>
>
>
> And my named.conf lookes like:
>
> #
> # named.conf used for redirecting 10.1, 10.2 and possibly other addresses to
> # a default web server.
> #
> # use all default options
> options {
> directory "/usr/local/opt/named";
> datasize 25M ;
> };
>
> # No hint file since we a pretending to be the root nameserver
>
> #zone "." in {
> # type hint;
> # file "/nau/local/etc/named/named.cache";
> #};
>
> # Everything will be defined in the root zone.
>
> zone "." in {
> type master;
> file "/usr/local/opt/named/root.zone";
> };
>
>
>
> Here are some sample dig commands:
>
> dig @localhost www.asu.edu
>
> ; <<>> DiG 9.2.4 <<>> @localhost www.asu.edu
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7770
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.asu.edu. IN A
>
> ;; AUTHORITY SECTION:
> . 30 IN SOA garnet.ucc.nau.edu.
> cvm.jan.ucc.nau.edu. 1000001 1800 900 30 30
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(localhost)
> ;; WHEN: Wed Jul 19 12:13:10 2006
> ;; MSG SIZE rcvd: 87
>
>
>
> dig @localhost www.asu.com
>
> ; <<>> DiG 9.2.4 <<>> @localhost www.asu.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64866
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;www.asu.com. IN A
>
> ;; ANSWER SECTION:
> www.asu.com. 30 IN A 134.114.96.127
>
> ;; AUTHORITY SECTION:
> . 30 IN NS garnet.ucc.nau.edu.
>
> ;; ADDITIONAL SECTION:
> garnet.ucc.nau.edu. 30 IN A 134.114.254.14
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(localhost)
> ;; WHEN: Wed Jul 19 12:14:04 2006
> ;; MSG SIZE rcvd: 92
>
>
>
--
Chris Michels -- Systems Programmer/Team Lead -- +1 928 523-6495
Northern Arizona University -- Flagstaff, AZ
PGP key: http://jan.ucc.nau.edu/~cvm <http://jan.ucc.nau.edu/%7Ecvm>
Team Info: http://www4.nau.edu/its/sia
"The significant problems we face cannot be solved at the same level of
thinking we were at when we created them" -- Albert Einstein
More information about the bind-users
mailing list