Wildcarded CNAMEs (slightly OT)

Darin Wayrynen darin at deru.net
Wed Jun 7 19:59:36 MST 2006


> Date: Wed, 7 Jun 2006 18:18:58 -0700
> From: Bill Jonas <bill at billjonas.com>
> Subject: Wildcarded CNAMEs (slightly OT)
> To: plug-discuss at lists.plug.phoenix.az.us
> Message-ID: <20060608011858.GW14161 at agent-smith.billjonas.com>
> Content-Type: text/plain; charset="us-ascii"
> 
> I ran into a situation at work today when configuring DNS for a
> customer.
> 
> Is it permissible to have a wildcarded CNAME?  I'm talking about,
> conceptually, a zone file that looks like this after the SOA record:
> 
>   example.com.  IN NS     ns1.foo.bar.
>   example.com.  IN NS     ns2.foo.bar.
>   example.com.  IN CNAME  example.net.
> *.example.com.  IN CNAME  example.net.
> 
> BIND (We're using some version of BIND 9, but I don't have access to
> our name servers) didn't answer lookup requests for example.com or
> www.example.com.  The logs (viewed by the admin in charge of those
> servers) didn't show anything amiss, I don't think.
> 
> Google wasn't too helpful with 'wildcard cname' (no quotes).  The
> closest I came was RFC 1912 (http://rfc1912.x42.com/), section 2.4, but
> it still didn't quite fit.  Other results were on mailing lists for BIND
> and other DNS software discussing implementation errors and bugs.
> 
> I got around the problem by changing those CNAME records to A
> records, but I'm really curious if wildcarded CNAMEs are prohibited, and
> in what RFC.  If not, is this a bug in BIND?  (I'd ask about the
> resolver while I'm at it, but it would have the least to do with the
> problem, and lookups timed out on Windows, FreeBSD, and Linux.)
> 
> Thanks for any light anyone can shed on this.


What you want to do is supported in BIND.

I.e.:

Zone file for ipgods.com:
========================================================================

$TTL 86400      ; 1 day
; name          class           type            origin

@               IN      SOA     deru.net.       postmaster.deru.net. (
                                                2006060701; serial
                                                10800   ; refresh 3 hours
                                                3600    ; retry 1 hour
                                                3600000 ; expire ~41 days
                                                86400 ) ; minimum 1 day

                IN              NS              ns1.deru.net.
                IN              NS              ns2.deru.net.

                IN              MX 10           mail

                IN              A               140.99.36.235
www             IN              A               140.99.36.235
smtp            IN              A               140.99.36.235
pop             IN              A               140.99.36.235
mail            IN              A               140.99.36.235
ftp             IN              A               140.99.36.235
*.google        IN              CNAME           www.google.com.

========================================================================

[root at ns1.deru.net] $ nslookup bubba.google.ipgods.com
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server:         140.99.0.2
Address:        140.99.0.2#53

bubba.google.ipgods.com canonical name = www.google.com.
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 66.102.7.104
Name:   www.l.google.com
Address: 66.102.7.147
Name:   www.l.google.com
Address: 66.102.7.99

[root at ns1.deru.net] $ nslookup myexample.google.ipgods.com
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server:         140.99.0.2
Address:        140.99.0.2#53

myexample.google.ipgods.com     canonical name = www.google.com.
www.google.com  canonical name = www.l.google.com.
Name:   www.l.google.com
Address: 66.102.7.99
Name:   www.l.google.com
Address: 66.102.7.104
Name:   www.l.google.com
Address: 66.102.7.147


;-)

Darin
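
Added example, not part of the original thread: RFC 1912 section 2.4, cited in the question, says a CNAME may not coexist with other data at the same name. This Python check reports names where that happens; it assumes one record per line with a fully qualified owner name, and both sample zones are constructed from the records shown in the messages above.

```python
from collections import defaultdict

# Constructed sample: the records from the question (SOA omitted, as in the post).
QUESTION_ZONE = """\
example.com.    IN NS     ns1.foo.bar.
example.com.    IN NS     ns2.foo.bar.
example.com.    IN CNAME  example.net.
*.example.com.  IN CNAME  example.net.
"""

# Constructed sample: the reply's pattern with owner names written out in full.
REPLY_ZONE = """\
ipgods.com.           IN NS     ns1.deru.net.
ipgods.com.           IN A      140.99.36.235
www.ipgods.com.       IN A      140.99.36.235
*.google.ipgods.com.  IN CNAME  www.google.com.
"""

CLASSES = {"IN", "CH", "HS"}
# DNSSEC records are the only types allowed to share a name with a CNAME.
MAY_COEXIST = {"CNAME", "RRSIG", "NSEC"}


def parse_records(zone_text):
    """Yield (owner, type) from lines shaped 'owner [ttl] [class] type rdata'."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line or line.startswith("$"):  # skip blanks and directives
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]  # skip optional TTL and class
        if rest:
            yield owner, rest[0].upper()


def cname_conflicts(zone_text):
    """Map each owner holding a CNAME plus other data to those other types."""
    types = defaultdict(set)
    for owner, rrtype in parse_records(zone_text):
        types[owner].add(rrtype)
    return {owner: sorted(found - MAY_COEXIST)
            for owner, found in types.items()
            if "CNAME" in found and found - MAY_COEXIST}


if __name__ == "__main__":
    print("question zone:", cname_conflicts(QUESTION_ZONE))
    print("reply zone:   ", cname_conflicts(REPLY_ZONE))
```

The check flags only the apex of the question's zone, where the CNAME sits beside the NS records; the wildcard CNAME owner is clean in both zones.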


