Unexpected wildcard matching
Tony Finch
dot at dotat.at
Fri Jan 25 13:43:08 UTC 2013
ip admin <ipmanx at googlemail.com> wrote:
>
> Any idea why the wildcard matching is affected by the individual levels/labels of
> hello.test.com?
See RFC 4592 "The Role of Wildcards in the Domain Name System", section
2.2 "Existence Rules" and especially 2.2.2 "Empty Non-terminals":
2.2. Existence Rules
The notion that a domain name 'exists' is mentioned in the definition
of wildcards. In section 4.3.3 of RFC 1034:
# Wildcard RRs do not apply:
#
...
# - When the query name or a name between the wildcard domain and
# the query name is know[n] to exist. . . .
"Existence" is therefore an important concept in the understanding of
wildcards. Unfortunately, the definition of what exists, in RFC
1034, is unclear. So, in sections 2.2.2. and 2.2.3, another look is
taken at the definition of existence.
2.2.2. Empty Non-terminals
Empty non-terminals [RFC2136, section 7.16] are domain names that own
no resource records but have subdomains that do. In section 2.2.1,
"_tcp.host1.example." is an example of an empty non-terminal name.
Empty non-terminals are introduced by this text in section 3.1 of RFC
1034:
# The domain name space is a tree structure. Each node and leaf on
# the tree corresponds to a resource set (which may be empty). The
# domain system makes no distinctions between the uses of the
# interior nodes and leaves, and this memo uses the term "node" to
# refer to both.
The parenthesized "which may be empty" specifies that empty non-
terminals are explicitly recognized and that empty non-terminals
"exist".
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
More information about the bind-users
mailing list