wildcard not working after record deleted

Maria Iano bind-lists at iano.org
Tue Jun 20 15:59:16 UTC 2017


On Tue, Jun 20, 2017 at 10:08:44AM -0500, Bryan Bradsby wrote:
> On Tue, 2017-06-20 at 10:51 -0400, Maria Iano wrote:
> > The queries are being directed at an authoritative server, exactly as
> > you describe above.
> > 
> > We also pay for a secondary dns provider who pulls our zones from the
> > same authoritative servers of ours which have this issue.
> > The wildcard works when we send the query to one of our secondary
> > provider's name servers.
> > 
> > Here is the answer from one of the secondary provider's servers:
> > 
> > ; <<>> DiG 9.10.2-P3 <<>> @<providers-server> <name> any
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;<name>		IN	ANY
> > 
> > ;; ANSWER SECTION:
> > <name>	300	IN	CNAME	<data-in-wildcard-record>
> 
> BIND does not allow a CNAME at the apex of the zone, some other flavors
> of DNS servers allow this. 

At first I was really hopeful that we had our explanation, but then I
realized you are talking about a CNAME for the zone itself, which we
don't have. I think this was a misunderstanding because of my sloppy
editing of the dig results. Replacing our zone name with example.com,
our wildcard record looks like this:

*.example.com.		300	IN	CNAME	name.cname.points.to.

Here are the results of a dig query for a record that was deleted, and a
dig query for a record that never existed, this time with the names
again replaced (sorry) with something more helpful.

$ dig @ns1.domain.com. deletedname.example.com. any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12 <<>> @ns1.domain.com. deletedname.example.com. any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4107
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;deletedname.example.com.		IN	ANY

;; AUTHORITY SECTION:
example.com.		300	IN	SOA	ns1.domain.com. dnsadmin.example.com. 2017062002 1200 600 604800 300

;; Query time: 6 msec
;; SERVER: IPofns1#53(IPofns1)
;; WHEN: Tue Jun 20 11:27:17 2017
;; MSG SIZE  rcvd: 96

$ dig @ns1.domain.com. nonexistentname.example.com. any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12 <<>> @ns1.domain.com. nonexistentname.example.com. any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8568
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 16, ADDITIONAL: 4

;; QUESTION SECTION:
;nonexistentname.example.com.		IN	ANY

;; ANSWER SECTION:
nonexistentname.example.com.	300	IN	CNAME	name.cname.points.to.

;; AUTHORITY SECTION:
list of all of our NS records

;; ADDITIONAL SECTION:
list of IPs of our name servers

;; Query time: 1 msec
;; SERVER: IPofns1#53(IPofns1)
;; WHEN: Tue Jun 20 11:27:26 2017
;; MSG SIZE  rcvd: 462

> 
> Was the wildcard changed to a CNAME in the last edit?
> 

I just checked, and the wildcard record hasn't been changed since 2015.

Thanks,
Maria


