• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

[SOLVED] Nameserver Delegation vs Wildcard Entry

Started by dstest01, January 25, 2012, 04:24:26 PM

Previous topic - Next topic

dstest01

Hi,

I'm troubled by some unexpected DNS behaviour. Let's say i have a zone x, with a subdomain a.x delegated to other nameservers, and a wildcard entry *.x, defined as CNAME to another subdomain b.x, which is a zone on the nameserver itself.

Now requests like foo.a.x are resolved via the wildcard, the a.x NS entry seems to be totally ignored. Can someone explain this please?

Thanks.

snarked

Correct behavior.  No explanation needed.  Learn what a wildcard entry does.  If you want to map names from outside a subdomain into it, maybe you want DNAME?

dstest01

Quote from: snarked on January 26, 2012, 12:30:32 AM
Correct behavior.  No explanation needed.  Learn what a wildcard entry does.

I tried... RFC1034 states:

Quote
Wildcard RRs do not apply:

   - When the query is in another zone.  That is, delegation cancels
     the wildcard defaults.

The only explanation i can think of right now is that the wildcard CNAME to an NS entry creates a situation where the nameserver sees a.x delegated and foo.a.x as well, then ignores the a.x delegation. But that would be a bug, wouldn't it? Whatever the case is, explanation would be appreciated. ;)

DNAME is not an option here i guess.

snarked

What makes you think that "foo.a.x" is delegated when "a.x" is?  Because you have a wildcard which it matches, you actually have it listed in the "x" zone and therefore have NOT delegated it.

dstest01

#4
Quote from: snarked on January 26, 2012, 09:30:46 AM
What makes you think that "foo.a.x" is delegated when "a.x" is?

1. My feeling for what should be ...
2. The RFC.
3. Testing with other nameservers, running bind and powerdns... if i rebuild my configuration there, both answer with NS records for foo.a.x, what i actually expected...

As i wasn't able to reproduce the behaviour of the he.net nameservers, i wonder what's wrong on which side...

[later] ... so i tested a bit more and:

4. The he.net nameservers are giving me different results for the same query... ns1 answers with the delegation, ns2..5 are using the wildcard... just got even stranger...

edit: Now ns1 is also using the wildcard... testing with dig +norecurse @ns1.he.net asdf.whyst.trds.de

dstest01

Problem was fixed by an upgrade of the he.net nameservers. Thanks...