Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: [SOLVED] Nameserver Delegation vs Wildcard Entry  (Read 7371 times)

dstest01

  • Newbie
  • *
  • Posts: 17
[SOLVED] Nameserver Delegation vs Wildcard Entry
« on: January 25, 2012, 04:24:26 PM »

Hi,

I'm troubled by some unexpected DNS behaviour. Let's say i have a zone x, with a subdomain a.x delegated to other nameservers, and a wildcard entry *.x, defined as CNAME to another subdomain b.x, which is a zone on the nameserver itself.

Now requests like foo.a.x are resolved via the wildcard, the a.x NS entry seems to be totally ignored. Can someone explain this please?

Thanks.
« Last Edit: January 27, 2012, 03:25:15 PM by dstest01 »
Logged

snarked

  • Hero Member
  • *****
  • Posts: 741
Re: Nameserver Delegation vs Wildcard Entry
« Reply #1 on: January 26, 2012, 12:30:32 AM »

Correct behavior.  No explanation needed.  Learn what a wildcard entry does.  If you want to map names from outside a subdomain into it, maybe you want DNAME?
Logged

dstest01

  • Newbie
  • *
  • Posts: 17
Re: Nameserver Delegation vs Wildcard Entry
« Reply #2 on: January 26, 2012, 09:02:51 AM »

Correct behavior.  No explanation needed.  Learn what a wildcard entry does.

I tried... RFC1034 states:

Quote
Wildcard RRs do not apply:

   - When the query is in another zone.  That is, delegation cancels
     the wildcard defaults.

The only explanation i can think of right now is that the wildcard CNAME to an NS entry creates a situation where the nameserver sees a.x delegated and foo.a.x as well, then ignores the a.x delegation. But that would be a bug, wouldn't it? Whatever the case is, explanation would be appreciated. ;)

DNAME is not an option here i guess.
Logged

snarked

  • Hero Member
  • *****
  • Posts: 741
Re: Nameserver Delegation vs Wildcard Entry
« Reply #3 on: January 26, 2012, 09:30:46 AM »

What makes you think that "foo.a.x" is delegated when "a.x" is?  Because you have a wildcard which it matches, you actually have it listed in the "x" zone and therefore have NOT delegated it.
Logged

dstest01

  • Newbie
  • *
  • Posts: 17
Re: Nameserver Delegation vs Wildcard Entry
« Reply #4 on: January 26, 2012, 12:46:02 PM »

What makes you think that "foo.a.x" is delegated when "a.x" is?

1. My feeling for what should be ...
2. The RFC.
3. Testing with other nameservers, running bind and powerdns... if i rebuild my configuration there, both answer with NS records for foo.a.x, what i actually expected...

As i wasn't able to reproduce the behaviour of the he.net nameservers, i wonder what's wrong on which side...

[later] ... so i tested a bit more and:

4. The he.net nameservers are giving me different results for the same query... ns1 answers with the delegation, ns2..5 are using the wildcard... just got even stranger...

edit: Now ns1 is also using the wildcard... testing with dig +norecurse @ns1.he.net asdf.whyst.trds.de
« Last Edit: January 26, 2012, 01:45:07 PM by dstest01 »
Logged

dstest01

  • Newbie
  • *
  • Posts: 17
Re: Nameserver Delegation vs Wildcard Entry
« Reply #5 on: January 27, 2012, 03:24:37 PM »

Problem was fixed by an upgrade of the he.net nameservers. Thanks...
Logged