Brent Verner wrote:

[2005-01-25 13:23] Scott Lundgren said:
| ...
| What I'd like is this:
| www.mydomain.com is routed to my webhosting provider.
| dev.mydomain.com is routed to my server at home.
|
| Looking at cpanel for my account @ the web hosting provider I can set up
| subdomains though they have to point to directory in my account. I don't
| see a way to set this up within GoDaddy's account maintenance. Ergo I
| guess I have to look for another way.


What _I_ like to do is have a wildcard host entry. This way
I don't have to screw around with my dns every time I decide
I need another virtual host... 8< --- 8<
Would this cause trouble to any name servers? Mine? (probably not,
it knows it's a wildcard answer) Your service provider's? (perhaps,
because it might cache actual host results instead of one wildcard
entry...or is the wildcard host a full fledged feature of DNS that
all name servers know about?)


Sorry for the ridiculously late response. :) I've had this in my Drafts folder, but this last week has been really crazy and I haven't had time to respond until now.

Wildcard DNS is certainly something that can be handled by DNS servers, but your resolver may not handle it as well as you'd hope. Consider that when resolving host.com with an entry in your resolv.conf similar to "search yourdomain.com", you might get host.com.yourdomain.com instead. Wildcard DNS is also bad for other reasons - if someone is trying to validate a subdomain of your domain, they may get a false positive. Consider that if a spammer forges spam from [EMAIL PROTECTED], when the receiving mail server goes to look up bogus.yourdomain.com, it could stop and reject the spam right there - but if you have a wildcard domain it's going to get a result, and then unnecessarily chatter to your mail server, or even worse, if you're not running a mail server and are dropping packets to port 25, it may hang for an indeterminate amount of time waiting for a response from your host.

As for the DOS aspect, that same situation where you don't have a wildcard DNS will still cause the server to cache a "no such domain" request, and it will only cache up to the limit of the size of the cache. You won't crash the machine, or even BIND (barring some other bug or misconfiguration), you'll just fill it with bogus cache information, and cause it to work harder. You could do the same thing by querying against any domain you like (and probably more quickly with random domains, as it would cache more glue records found along the way, and they'd have longer cache expiry times than a missed response).

For a historical example of why it is bad when your resolver completes things you didn't expect, check this RFC written about the particular trouble it has caused in the past:
http://www.faqs.org/rfcs/rfc1535.html


Aaron S. Joyner
--
TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ  : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc

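An added worked example, written by the editor and not part of the thread, that models the two wildcard pitfalls Aaron describes: a resolver's search list quietly turning host.com into host.com.yourdomain.com, and a receiving mail server that can no longer reject mail from a nonexistent bogus.yourdomain.com once a wildcard answers for it. The zone contents, the 192.0.2.0/24 addresses, and the search-list ordering (modelled on glibc's ndots rule) are assumptions for illustration; nothing here touches the network.

```python
"""
Toy model of two wildcard-DNS pitfalls: a stub resolver's search list
turning an unrelated name (host.com) into host.com.yourdomain.com, and a
mail server's sender-domain check that cannot reject bogus.yourdomain.com
once a wildcard answers for it.  Everything is in-memory; no network I/O.
"""

# Constructed example zone (assumed names; addresses from the 192.0.2.0/24
# documentation range).
ZONE_WITH_WILDCARD = {
    "yourdomain.com": "192.0.2.1",
    "www.yourdomain.com": "192.0.2.2",
    "*.yourdomain.com": "192.0.2.99",   # the wildcard host entry
}
ZONE_WITHOUT_WILDCARD = {
    name: addr for name, addr in ZONE_WITH_WILDCARD.items()
    if not name.startswith("*.")
}


def lookup(zone, name):
    """Authoritative answer for `name`: an address, or None for NXDOMAIN.

    Implements the RFC 1034 / RFC 4592 wildcard rule: an exact match always
    wins; otherwise the closest existing ancestor (the "closest encloser")
    decides, and an answer is synthesized only if `*.<closest encloser>` exists.
    """
    name = name.rstrip(".").lower()
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):            # walk up towards the root
        ancestor = ".".join(labels[i:])
        if ancestor in zone:
            return zone.get("*." + ancestor)    # None if no wildcard there
    return None


def resolve(zone, name, search=("yourdomain.com",), ndots=1):
    """Model a stub resolver honouring a resolv.conf `search` list.

    Mirrors the common (glibc-style) ordering: a name ending in '.' is tried
    only as written; a name with at least `ndots` dots is tried as written
    first and then with each search suffix; a shorter name gets the suffixes
    first.  Returns (name actually answered, address) or None.
    """
    if name.endswith("."):
        fqdn = name.rstrip(".")
        addr = lookup(zone, fqdn)
        return (fqdn, addr) if addr is not None else None
    suffixed = [f"{name}.{sfx}" for sfx in search]
    if name.count(".") >= ndots:
        candidates = [name] + suffixed
    else:
        candidates = suffixed + [name]
    for fqdn in candidates:
        addr = lookup(zone, fqdn)
        if addr is not None:
            return fqdn, addr
    return None


def sender_domain_exists(zone, sender):
    """Toy version of a receiving MTA's 'does the sender domain resolve?' check."""
    domain = sender.rsplit("@", 1)[-1]
    return lookup(zone, domain) is not None


if __name__ == "__main__":
    for label, zone in (("wildcard", ZONE_WITH_WILDCARD),
                        ("no wildcard", ZONE_WITHOUT_WILDCARD)):
        print(f"[{label}] host.com via search list ->", resolve(zone, "host.com"))
        print(f"[{label}] mail from bogus.yourdomain.com accepted? ->",
              sender_domain_exists(zone, "spammer@bogus.yourdomain.com"))
```

With the wildcard present, `resolve(ZONE_WITH_WILDCARD, "host.com")` falls through to host.com.yourdomain.com and gets the wildcard address, exactly the false positive Aaron warns about; the same query against the zone without the wildcard returns None. Note also that `lookup` refuses to synthesize foo.www.yourdomain.com, because www.yourdomain.com exists and has no wildcard of its own, which is the RFC 4592 "closest encloser" subtlety that surprises people who expect `*.yourdomain.com` to catch everything.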