Re: Interesting behavior with wildcard domains
On Wed, Feb 24, 2016 at 12:30 PM Mark Andrewswrote: > > In message , Mathew Ian Eis > write > s: > Illegal character '-' in input file. > > Hi BIND, > > > > Ive encountered (quite by accident) an interesting behavior in BIND with > > wildcard domains: > > > > The relevant configuration is a zone; e.g. bar.com, with what Ill call a > > second level wildcard host, e.g. *.foo.bar.com A 10.10.10.5 in that > zone. > > (as opposed to what might be considered the more usual wildcard host > > record of *.bar.com). > > > > buz.foo.bar.com returns A 10.10.10.5 as expected. > > > > However, a query for foo.bar.com returns NOERR with zero results, when I > > would expect a NXDOMAIN. > > Why? If *.foo.bar.com exists then foo.bar.com, bar.com and com all exist. > > > Anyone know if the NOERR with zero results is the expected / correct > > behavior? > > It is the expected behaviour > Nah, it is the *correct* behavior, fairly clearly it is not the *expected* behavior :-P W (sorry, I'm feeling ornery today...) > > Thanks in advance, > > > > Mathew Eis > > Northern Arizona University > > Information Technology Services > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to > unsubscribe from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Interesting behavior with wildcard domains
This is what I was looking for - thanks! From: <bind-users-boun...@lists.isc.org<mailto:bind-users-boun...@lists.isc.org>> on behalf of "Darcy Kevin (FCA)" <kevin.da...@fcagroup.com<mailto:kevin.da...@fcagroup.com>> Date: Tuesday, February 23, 2016 at 4:29 PM To: "bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>" <bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>> Subject: RE: Interesting behavior with wildcard domains See “empty non-terminal” in https://www.rfc-editor.org/rfc/rfc4592.txt. - Kevin From: bind-users-boun...@lists.isc.org<mailto:bind-users-boun...@lists.isc.org> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Noel Butler Sent: Tuesday, February 23, 2016 6:19 PM To: bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> Subject: Re: Interesting behavior with wildcard domains On 24/02/2016 09:13, Mathew Ian Eis wrote: Hi BIND, I've encountered (quite by accident) an interesting behavior in BIND with wildcard domains: The relevant configuration is a zone; e.g. bar.com, with what I'll call a "second level" wildcard host, e.g. *.foo.bar.com A 10.10.10.5 in that zone. (as opposed to what might be considered the more usual wildcard host record of *.bar.com). buz.foo.bar.com returns A 10.10.10.5 as expected. However, a query for foo.bar.com returns NOERR with zero results, when I would expect a NXDOMAIN. Anyone know if the NOERR with zero results is the expected / correct behavior? Thanks in advance, Mathew Eis Northern Arizona University Information Technology Services It's expected, since its a * "." foo... you are asking for anything thast dot foo, your not asking for foo -- If you have the urge to reply to all rather than reply to list, you best first read http://members.ausics.net/qwerty/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Interesting behavior with wildcard domains
In message, Mathew Ian Eis write s: Illegal character '-' in input file. > Hi BIND, > > Ive encountered (quite by accident) an interesting behavior in BIND with > wildcard domains: > > The relevant configuration is a zone; e.g. bar.com, with what Ill call a > second level wildcard host, e.g. *.foo.bar.com A 10.10.10.5 in that zone. > (as opposed to what might be considered the more usual wildcard host > record of *.bar.com). > > buz.foo.bar.com returns A 10.10.10.5 as expected. > > However, a query for foo.bar.com returns NOERR with zero results, when I > would expect a NXDOMAIN. Why? If *.foo.bar.com exists then foo.bar.com, bar.com and com all exist. > Anyone know if the NOERR with zero results is the expected / correct > behavior? It is the expected behaviour. > Thanks in advance, > > Mathew Eis > Northern Arizona University > Information Technology Services > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Interesting behavior with wildcard domains
See “empty non-terminal” in https://www.rfc-editor.org/rfc/rfc4592.txt. - Kevin [FCA_Pantone_email] -- Kevin Darcy NAFTA Information Security Projects FCA US LLC 1075 W Entrance Dr, Auburn Hills, MI 48326 USA Telephone: +1 (248) 838-6601 Mobile: +1 (810) 397-0103 Email: kevin.da...@fcagroup.com From: bind-users-boun...@lists.isc.org [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Noel Butler Sent: Tuesday, February 23, 2016 6:19 PM To: bind-users@lists.isc.org Subject: Re: Interesting behavior with wildcard domains On 24/02/2016 09:13, Mathew Ian Eis wrote: Hi BIND, I've encountered (quite by accident) an interesting behavior in BIND with wildcard domains: The relevant configuration is a zone; e.g. bar.com, with what I'll call a "second level" wildcard host, e.g. *.foo.bar.com A 10.10.10.5 in that zone. (as opposed to what might be considered the more usual wildcard host record of *.bar.com). buz.foo.bar.com returns A 10.10.10.5 as expected. However, a query for foo.bar.com returns NOERR with zero results, when I would expect a NXDOMAIN. Anyone know if the NOERR with zero results is the expected / correct behavior? Thanks in advance, Mathew Eis Northern Arizona University Information Technology Services It's expected, since its a * "." foo... you are asking for anything thast dot foo, your not asking for foo -- If you have the urge to reply to all rather than reply to list, you best first read http://members.ausics.net/qwerty/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Interesting behavior with wildcard domains
On 24/02/2016 09:13, Mathew Ian Eis wrote: > Hi BIND, > > I've encountered (quite by accident) an interesting behavior in BIND with > wildcard domains: > > The relevant configuration is a zone; e.g. bar.com, with what I'll call a > "second level" wildcard host, e.g. *.foo.bar.com A 10.10.10.5 in that zone. > (as opposed to what might be considered the more usual wildcard host record > of *.bar.com). > > buz.foo.bar.com returns A 10.10.10.5 as expected. > > However, a query for foo.bar.com returns NOERR with zero results, when I > would expect a NXDOMAIN. > > Anyone know if the NOERR with zero results is the expected / correct > behavior? > > Thanks in advance, > > Mathew Eis > Northern Arizona University > Information Technology Services It's expected, since its a * "." foo... you are asking for anything thast dot foo, your not asking for foo -- If you have the urge to reply to all rather than reply to list, you best first read http://members.ausics.net/qwerty/ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users