BUG? Wildcard lookup masked by more specific record of alternative type

Terry Burton tez at terryburton.co.uk
Fri Feb 14 13:10:03 UTC 2014


On 14 February 2014 12:01, Tony Finch <dot at dotat.at> wrote:
> Terry Burton <tez at terryburton.co.uk> wrote:
>> Is the following expected or is it a bug?
>
> It is correct. See RFC 4592 for the full explanation of how wildcards work.

For sake of Google...

RFC 4592 3.3.1 defines "The closest encloser is the node in the zone's
tree of existing domain names that has the most labels matching the
query name ... The source of synthesis is defined in the context of a
query process as that wildcard domain name immediately descending from
the closest encloser."

Adding the TSLA record for _443._tcp.test.domain amended the closest
encounter for the query from "domain" to the "test.domain" empty
non-terminal, hence no synthesis.


More information about the bind-users mailing list