Non-terminal wildcards?

Cricket Liu cricket at acmebw.com
Mon Aug 23 22:10:13 UTC 1999


> My mind boggles. I'm trying to figure out the effects of having ...
>
> mail.*.doubletree.com. IN <something>
> *.doubletree.com. IN <something else>
> subdomain.doubletree.com. IN NS <subdomserver>
>
> ... and have the outer world query for mail.subdomain.doubletree.com,
> but my brain refuses to attempt to do the calculation. ;-)
>
> There is enough rope in BIND already. I pray this is an unexpected and
> unwanted side effect.

That was sort of my point.  We've already seen the effect of inadvertently
allowing multiple CNAMEs.  If enough folks get wind of this (and I'm not
helping matters there), they may start using it for their own nefarious
purposes, and then we'll forever have a switch in BIND for
backwards-compatibility's sake like

options {
    allow-non-terminal-wildcards yes;
};

Ugh.  My reading of RFC 1034 says non-terminal wildcards are a no-no.

cricket
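
A simplified model of the RFC 1034 section 4.3.2 (step 3) lookup, applied to the three owner names in the quoted message. This is an added example, not code from the message or from BIND, and it does not model what BIND actually does with these records. The MX record type and the `<soa>` value are assumptions; the other data strings are the message's own placeholders.

```python
# Constructed zone: owner names from the quoted message; MX is an assumed
# record type and the data strings are the message's own placeholders.
ORIGIN = "doubletree.com."
ZONE = {
    "doubletree.com.": {"SOA": "<soa>"},
    "mail.*.doubletree.com.": {"MX": "<something>"},
    "*.doubletree.com.": {"MX": "<something else>"},
    "subdomain.doubletree.com.": {"NS": "<subdomserver>"},
}


def node_exists(name):
    """True if the name owns records or is an ancestor of a name that does."""
    return any(owner == name or owner.endswith("." + name) for owner in ZONE)


def lookup(qname, qtype):
    """Simplified model of RFC 1034 section 4.3.2 step 3 for one zone."""
    qname = qname.lower()
    if not qname.endswith("."):
        qname += "."
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return ("out-of-zone", None, None)
    below = qname[: -len(ORIGIN)].rstrip(".")
    node = ORIGIN
    for label in reversed(below.split(".") if below else []):
        child = label + "." + node
        if not node_exists(child):
            # Step 3c: no such label; only a "*" label directly under the
            # last matched node can synthesize an answer.
            star = "*." + node
            if not node_exists(star):
                return ("nxdomain", None, None)
            data = ZONE.get(star, {}).get(qtype)
            return ("wildcard", star, data) if data else ("nodata", star, None)
        if "NS" in ZONE.get(child, {}):
            # Step 3b: a zone cut ends the search before any wildcard check.
            return ("referral", child, ZONE[child]["NS"])
        node = child
    # Step 3a: the whole QNAME matched an existing node.
    data = ZONE.get(node, {}).get(qtype)
    return ("answer", node, data) if data else ("nodata", node, None)


if __name__ == "__main__":
    for q in ("mail.subdomain.doubletree.com", "mail.foo.doubletree.com",
              "mail.*.doubletree.com"):
        print(q, "->", lookup(q, "MX"))
```

In this model the query for mail.subdomain.doubletree.com ends in a referral at the zone cut, and the `mail.*` record is reached only by a query that contains the literal `*` label.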



More information about the bind-workers mailing list