What Ray says.

Also, I have SSL certs right now (sadly, but that's another talk) for aws-region-y.saas.com, *.saas.com, *.foo.saas.com, *.saasdb.com etc., and let's say we want an SSL cert of aws-region-y.saas.com with all the wildcards as SNI names.

On Thu, Jul 19, 2018 at 3:39 PM, Ray Bellis <r...@bellis.me.uk> wrote:

> On 19/07/2018 15:36, Patrick McManus wrote:
>
> > [replying to myself] I see now that the wildcards are part of things
> > like axfr which form an open definition for interoperability.. so they
> > are a wire protocol element of a sort. Thanks!
>
> Kind of.
>
> Wildcards are carried in AXFR so that primary and secondary name servers
> both know to synthesise the required records.
>
> It is technically possible to explicitly ask for `*.example.com` to test
> for the presence of a wildcard, but otherwise the synthesis is done
> entirely on the server side and the `*` does *not* usually appear in the
> DNS wire protocol.
>
> Ray
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
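
The server-side synthesis described in the quoted reply, as an added example that is not part of the original thread: a simplified single-zone lookup following the RFC 4592 wildcard rules, with no CNAME, DNSSEC or delegation handling. The zone contents and all function names are constructed for illustration.

```python
# Simplified RFC 4592 wildcard lookup for one zone (added example).
# Zone data is constructed; names are lowercase without a trailing dot.
ORIGIN = "example.com"
ZONE = {
    "example.com": {"SOA": ["ns1.example.com. hostmaster.example.com. 1"]},
    "*.example.com": {"A": ["192.0.2.10"]},
    "www.example.com": {"A": ["192.0.2.1"]},
    "host.sub.example.com": {"A": ["192.0.2.2"]},
}

def exists(zone, name):
    """A name exists if it owns records or is an empty non-terminal."""
    return name in zone or any(o.endswith("." + name) for o in zone)

def closest_encloser(zone, qname):
    """Longest existing ancestor of an in-zone qname."""
    labels = qname.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if exists(zone, candidate):
            return candidate
    return ORIGIN

def resolve(zone, qname, qtype):
    """Return (rcode, answers); answers are (owner, type, rdata) tuples."""
    qname = qname.lower().rstrip(".")
    if qname != ORIGIN and not qname.endswith("." + ORIGIN):
        return "REFUSED", []
    if exists(zone, qname):
        # Exact match. This also covers an explicit query for "*.example.com".
        rrs = zone.get(qname, {}).get(qtype, [])
        return "NOERROR", [(qname, qtype, r) for r in rrs]
    source = "*." + closest_encloser(zone, qname)
    if source not in zone:
        return "NXDOMAIN", []
    # Synthesis: rdata comes from the wildcard, the owner is the query name,
    # so the "*" label never appears in the answer.
    rrs = zone[source].get(qtype, [])
    return "NOERROR", [(qname, qtype, r) for r in rrs]

def axfr(zone):
    """Zone-transfer view: the wildcard owner name is carried literally."""
    return [(o, t, r) for o, types in zone.items()
            for t, rrs in types.items() for r in rrs]

if __name__ == "__main__":
    for name in ("foo.example.com", "*.example.com", "x.sub.example.com"):
        print(name, resolve(ZONE, name, "A"))
```

The existing `host.sub.example.com` makes `sub.example.com` an empty non-terminal, so `x.sub.example.com` gets NXDOMAIN rather than the `*.example.com` answer.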