Ray Bellis <[email protected]> wrote:
> On 06/11/2018 20:44, Tony Finch wrote:
>
> > If you are using an _prefix without any meaning of its own but only to
> > move a record away from the apex (so that it can be delegated or CNAMEd)
> > and also using a specific RR type or an RDATA prefix, then wildcards do
> > not conflict.
>
> I believe they still do, e.g.
>
> _domainkey.*.example.com IN TXT ...

You obviously can't do that, but you can do:

  *.example.com TXT ...

and it'll match queries for tag._domainkey.whatever.example.com.

Except that it won't work very well for the specific example of _domainkey
records, because of the tag selector in the qname.

It will probably work OK for DMARC records which do not have any selectors
in the qname and which have a nice prefix in the TXT RDATA.

For the running LJ example, if you want to match

  _http.fanf.livejournal.com HTTP ...

the zone admin can publish

  *.livejournal.com HTTP ...

But for the HTTP case, the record itself provides enough indirection so
there isn't any need for a _prefix to allow delegation as you might want
to for DMARC.

Tony.
--
f.anthony.n.finch <[email protected]> http://dotat.at/
Fair Isle, Faeroes, Southeast Southeast Iceland: Southeasterly 5 to 7,
occasionally gale 8 in Fair Isle. Rough, occasionally very rough. Occasional
rain. Moderate or good, occasionally poor.
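
The wildcard behaviour discussed in the message above, as an added example that is not part of the original thread: a small resolver following the RFC 4592 closest-encloser rules. The zone contents, the ZONE/ORIGIN names and the helper functions are constructed for illustration.

```python
# Added example: RFC 4592 wildcard synthesis over a constructed zone.
ORIGIN = "example.com"
ZONE = {  # constructed sample data, not taken from the thread
    "example.com": {"SOA": "constructed-soa"},
    "*.example.com": {"TXT": "v=DMARC1; p=reject"},
    "www.example.com": {"A": "192.0.2.1"},
}

def labels(name):
    """Split a domain name into a lower-cased tuple of labels."""
    return tuple(name.lower().rstrip(".").split("."))

def existing_nodes(zone, origin):
    """Every owner name plus the empty non-terminals between it and the apex."""
    apex = labels(origin)
    nodes = set()
    for owner in zone:
        ls = labels(owner)
        for i in range(len(ls) - len(apex) + 1):
            nodes.add(ls[i:])
    return nodes

def resolve(zone, origin, qname, qtype):
    """Return (rcode, owner name that supplied the answer, rdata)."""
    apex = labels(origin)
    data = {labels(o): rrsets for o, rrsets in zone.items()}
    nodes = existing_nodes(zone, origin)
    q = labels(qname)
    if q[-len(apex):] != apex:
        return ("REFUSED", None, None)  # qname is not in this zone
    if q in nodes:  # the name exists, so wildcards never apply to it
        rdata = data.get(q, {}).get(qtype)
        return ("NOERROR" if rdata else "NODATA", ".".join(q), rdata)
    # Closest encloser: the longest ancestor of qname that exists in the zone.
    encloser = next(q[i:] for i in range(1, len(q)) if q[i:] in nodes)
    source = ("*",) + encloser  # source of synthesis
    if source not in nodes:
        return ("NXDOMAIN", None, None)
    rdata = data.get(source, {}).get(qtype)
    return ("NOERROR" if rdata else "NODATA", ".".join(source), rdata)

if __name__ == "__main__":
    for name in ("_dmarc.whatever.example.com",
                 "tag._domainkey.whatever.example.com",
                 "_dmarc.www.example.com",
                 "www.example.com"):
        print(name, resolve(ZONE, ORIGIN, name, "TXT"))
```

Note the third query: because www.example.com exists, it is the closest encloser for _dmarc.www.example.com, so the apex wildcard does not cover names beneath it.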