Hi Pieter, On 09/09/2016 07:20 AM, Pieter Lexis wrote: >> *.example.com. IN A 1.2.3.4 >> a.example.com. IN A 2.3.4.5 >> >> Then, without DNSSEC enabled, asking for the A record of b.a.example.com >> gives 1.2.3.4. However, with DNSSEC enable, the result is NXDOMAIN. >> >> So, there is a difference in how a wildcard record impacts higher-level >> subdomains of a domain which is configured explicitly on the same level >> as the wildcard record. >> >> Is this behavior intended? > > Yes, this is proper behaviour.
There was a typo in the test zone I had secured with DNSSEC. I am sorry about the noise. I will verify test cases more thoroughly in the future. > But you're not telling us the whole story, here is an empty non-terminal in > your zone. Is there? The example.com SOA record makes sure that example.com is not empty, and rectify-zone did not generate an extra record. But you're right, I should have posted it. Best, Peter
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pdns-users mailing list [email protected] https://mailman.powerdns.com/mailman/listinfo/pdns-users
