Interesting behavior with wildcard domains

Darcy Kevin (FCA) kevin.darcy at
Tue Feb 23 23:29:16 UTC 2016

See “empty non-terminal” in

                                                                                                - Kevin

Kevin Darcy
NAFTA Information Security Projects

1075 W Entrance Dr,
Auburn Hills, MI 48326

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.darcy at

From: bind-users-bounces at [mailto:bind-users-bounces at] On Behalf Of Noel Butler
Sent: Tuesday, February 23, 2016 6:19 PM
To: bind-users at
Subject: Re: Interesting behavior with wildcard domains

On 24/02/2016 09:13, Mathew Ian Eis wrote:

I've encountered (quite by accident) an interesting behavior in BIND with wildcard domains:

The relevant configuration is a zone; e.g., with what I'll call a "second level" wildcard host, e.g. * A in that zone. (as opposed to what might be considered the more usual wildcard host record of * returns A as expected.

However, a query for returns NOERR with zero results, when I would expect a NXDOMAIN.

Anyone know if the NOERR with zero results is the expected / correct behavior?

Thanks in advance,

Mathew Eis
Northern Arizona University
Information Technology Services

It's expected, since its a *  "." foo...
you are asking for anything thast dot foo, your not asking for foo

If you have the urge to reply to all rather than reply to list, you best first read

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3764 bytes
Desc: image001.jpg
URL: <>

More information about the bind-users mailing list