* matches: bug or feature

Andrew Brown atatat at atatdot.net
Sun Jun 11 03:11:51 UTC 2000


i've got a zone "here", where the zone file looks like:

@	IN	SOA	noc.untraceable.net. hostmaster.untraceable.net. (
			2000032900 3H 1H 4W1D )
	IN	NS	noc.untraceable.net.
a.b.c.d	IN	TXT	"exact match"
*.c.d	IN	TXT	"partial match"
*	IN	TXT	"no match"

and the following results (abridged to show query, response, and
rcode):

   % dig txt a.b.c.d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   a.b.c.d.here.           1D IN TXT       "exact match"
   % dig txt b.c.d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   % dig txt c.c.d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   c.c.d.here.             1D IN TXT       "partial match"
   % dig txt c.d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   % dig txt d.d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
   % dig txt d.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   % dig txt e.here
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
   e.here.                 1D IN TXT       "no match"

is this expected?  did i miss an rfc on wildcard matching?  or is this
a little weird?  i "expected" a match at each turn, but it seems that
if i take a branch in the dns tree and don't reach a leaf, i can't try
another branch (maybe i'm too used to regex matching?).  more NXDOMAIN
responses would be understandable, but some of them just return
NOERROR with an soa and "ancount" set to zero, which is...confusing to
me.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org             * "ah!  i see you have the internet
twofsonet at graffiti.com (Andrew Brown)                that goes *ping*!"
andrew at crossbar.com       * "information is power -- share the wealth."



More information about the bind-workers mailing list