Wildcard oddity

2014-09-29 Thread Ronald F. Guilmette


My apologies for my earlier, arguably off-topic questions.

Now I have a real honest-to-goodness BIND question.

I have the following simple zone file installed as test0.tristatelogic.com:

===
$TTL 3600
@   IN  SOA server1.tristatelogic.com. hostmaster.tristatelogic.com. (
            1412047583 10800 3600 604800 3600 )
    IN  NS  server1.tristatelogic.com.

*.colors IN A 127.0.0.2
*.jason.purple.colors IN A 127.0.0.3
; *.purple.colors IN A 127.0.0.4
===

Note that that last line is commented out.

Curiously, when I do this query:

   dig simon.purple.colors.test0.tristatelogic.com

I get back NXDOMAIN.  Why?

Intuitively I would have thought that this query would have been matched
by *.colors, but the presence of jason seems to be throwing a monkey
wrench into the works for simon!

It is also rather perplexing that when I uncomment that final line,
then things seem to work as expected, i.e. the dig shown above then
matches _that_ record, and I get back 127.0.0.4 (which is indeed
what intuitively _should_ happen).

There must be something quirky about the wildcard matching rules that
I'm not understanding.  Why do these two rules cause something (i.e.
anything) within the colors subdomain to *not* resolve?

*.colors IN A 127.0.0.2
*.jason.purple.colors IN A 127.0.0.3

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Wildcard oddity

2014-09-29 Thread Mark Andrews

In message 20703.1412049...@server1.tristatelogic.com, Ronald F. Guilmette writes:
>
> My apologies for my earlier, arguably off-topic questions.
>
> Now I have a real honest-to-goodness BIND question.
>
> I have the following simple zone file installed as test0.tristatelogic.com:
>
> ===
> $TTL 3600
> @   IN  SOA server1.tristatelogic.com. hostmaster.tristatelogic.com. (
>             1412047583 10800 3600 604800 3600 )
>     IN  NS  server1.tristatelogic.com.
>
> *.colors IN A 127.0.0.2
> *.jason.purple.colors IN A 127.0.0.3
> ; *.purple.colors IN A 127.0.0.4
> ===
>
> Note that that last line is commented out.
>
> Curiously, when I do this query:
>
>    dig simon.purple.colors.test0.tristatelogic.com
>
> I get back NXDOMAIN.  Why?

Because that is how wildcard processing works.  Go read RFC 1034,
Section 4.3.2. Algorithm.  Note the words "label by label".

Does the label colors exist?
Does the label purple exist?
Does the label simon exist?
Does the label * exist?

Mark

> Intuitively I would have thought that this query would have been matched
> by *.colors, but the presence of jason seems to be throwing a monkey
> wrench into the works for simon!
>
> It is also rather perplexing that when I uncomment that final line,
> then things seem to work as expected, i.e. the dig shown above then
> matches _that_ record, and I get back 127.0.0.4 (which is indeed
> what intuitively _should_ happen).
>
> There must be something quirky about the wildcard matching rules that
> I'm not understanding.  Why do these two rules cause something (i.e.
> anything) within the colors subdomain to *not* resolve?
>
> *.colors IN A 127.0.0.2
> *.jason.purple.colors IN A 127.0.0.3
 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org


Re: Wildcard oddity

2014-09-29 Thread Mukund Sivaraman
On Mon, Sep 29, 2014 at 08:52:41PM -0700, Ronald F. Guilmette wrote:
> *.colors IN A 127.0.0.2
> *.jason.purple.colors IN A 127.0.0.3
> ; *.purple.colors IN A 127.0.0.4
> ===
>
> Note that that last line is commented out.
>
> Curiously, when I do this query:
>
>    dig simon.purple.colors.test0.tristatelogic.com
>
> I get back NXDOMAIN.  Why?
>
> Intuitively I would have thought that this query would have been matched
> by *.colors, but the presence of jason seems to be throwing a monkey
> wrench into the works for simon!

See RFC 1034 section 4.3.3:

    Wildcard RRs do not apply:

       - When the query name or a name between the wildcard domain and
         the query name is known to exist.  For example, if a wildcard
         RR has an owner name of *.X, and the zone also contains RRs
         attached to B.X, the wildcards would apply to queries for name
         Z.X (presuming there is no explicit information for Z.X), but
         not to B.X, A.B.X, or X.

Also see RFC 4592 section 2.2.2 (empty non-terminals) which would apply
above and make purple.colors.test0.tristatelogic.com exist.

Mukund
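
[Added example, not part of any message in this thread and not BIND's code: a simplified Python model of the label-by-label match from RFC 1034 section 4.3.2 and the empty non-terminal rule from RFC 4592 section 2.2.2, run over the zone from the original post. It assumes A records only and names relative to the zone apex; the names ZONE, existing_names and lookup are made up for this illustration.]

```python
# Added example: simplified wildcard lookup for one zone (A records only,
# no CNAME, DNAME, delegation or DNSSEC). Names are relative to the apex.

# Owner names from the zone in the thread, with the last line commented out.
ZONE = {
    "*.colors": "127.0.0.2",
    "*.jason.purple.colors": "127.0.0.3",
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_names(zone):
    """Every owner name plus all of its ancestors inside the zone.

    An ancestor with no records of its own is an empty non-terminal
    (RFC 4592 section 2.2.2); it still exists for matching purposes.
    """
    names = set()
    for owner in zone:
        parts = labels(owner)
        for i in range(len(parts)):
            names.add(tuple(parts[i:]))
    return names

def lookup(zone, qname):
    """Return (rcode, address or None) for an A query on a relative name."""
    records = {tuple(labels(k)): v for k, v in zone.items()}
    exists = existing_names(zone)
    q = tuple(labels(qname))
    if q in exists:
        # Exact match; an empty non-terminal gives NOERROR with no data.
        return ("NOERROR", records.get(q))
    # Closest encloser: the longest existing ancestor of the query name.
    # The empty tuple stands for the zone apex, which always exists.
    for i in range(1, len(q) + 1):
        encloser = q[i:]
        if encloser == () or encloser in exists:
            break
    # Only a wildcard directly below the closest encloser may answer.
    source = ("*",) + encloser
    if source in exists:
        return ("NOERROR", records.get(source))
    return ("NXDOMAIN", None)
```

[With ZONE as given, lookup(ZONE, "simon.purple.colors") stops at the empty non-terminal purple.colors, finds no *.purple.colors there, and returns NXDOMAIN without ever considering *.colors; adding "*.purple.colors" to the dict makes the same query return 127.0.0.4.]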

