Wildcarded CNAMEs (slightly OT)
Darin Wayrynen
darin at deru.net
Wed Jun 7 19:59:36 MST 2006
> Date: Wed, 7 Jun 2006 18:18:58 -0700
> From: Bill Jonas <bill at billjonas.com>
> Subject: Wildcarded CNAMEs (slightly OT)
> To: plug-discuss at lists.plug.phoenix.az.us
> Message-ID: <20060608011858.GW14161 at agent-smith.billjonas.com>
> Content-Type: text/plain; charset="us-ascii"
>
> I ran into a situation at work today when configuring DNS for a
> customer.
>
> Is it permissible to have a wildcarded CNAME? I'm talking about,
> conceptually, a zone file that looks like this after the SOA record:
>
> example.com. IN NS ns1.foo.bar.
> example.com. IN NS ns2.foo.bar.
> example.com. IN CNAME example.net.
> *.example.com. IN CNAME example.net.
>
> BIND (We're using some version of BIND 9, but I don't have access to
> our name servers) didn't answer lookup requests for example.com or
> www.example.com. The logs (viewed by the admin in charge of those
> servers) didn't show anything amiss, I don't think.
>
> Google wasn't too helpful with 'wildcard cname' (no quotes). The
> closest I came was RFC 1912 (http://rfc1912.x42.com/), section 2.4, but
> it still didn't quite fit. Other results were on mailing lists for BIND
> and other DNS software discussing implementation errors and bugs.
>
> I got around the problem by changing those CNAME records to A
> records, but I'm really curious if wildcarded CNAMEs are prohibited, and
> in what RFC. If not, is this a bug in BIND? (I'd ask about the
> resolver while I'm at it, but it would have the least to do with the
> problem, and lookups timed out on Windows, FreeBSD, and Linux.)
>
> Thanks for any light anyone can shed on this.
What you want to do is supported in BIND.
I.e.:
Zone file for ipgods.com:
========================================================================
$TTL 86400              ; 1 day
; name          class   type    rdata
@               IN      SOA     deru.net. postmaster.deru.net. (
                                2006060701      ; serial
                                10800           ; refresh 3 hours
                                3600            ; retry 1 hour
                                3600000         ; expire ~41 days
                                86400 )         ; minimum 1 day
                IN      NS      ns1.deru.net.
                IN      NS      ns2.deru.net.
                IN      MX      10 mail
                IN      A       140.99.36.235
www             IN      A       140.99.36.235
smtp            IN      A       140.99.36.235
pop             IN      A       140.99.36.235
mail            IN      A       140.99.36.235
ftp             IN      A       140.99.36.235
*.google        IN      CNAME   www.google.com.
========================================================================
[root at ns1.deru.net] $ nslookup bubba.google.ipgods.com
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 140.99.0.2
Address: 140.99.0.2#53
bubba.google.ipgods.com canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 66.102.7.104
Name: www.l.google.com
Address: 66.102.7.147
Name: www.l.google.com
Address: 66.102.7.99
[root at ns1.deru.net] $ nslookup myexample.google.ipgods.com
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 140.99.0.2
Address: 140.99.0.2#53
myexample.google.ipgods.com canonical name = www.google.com.
www.google.com canonical name = www.l.google.com.
Name: www.l.google.com
Address: 66.102.7.99
Name: www.l.google.com
Address: 66.102.7.104
Name: www.l.google.com
Address: 66.102.7.147
;-)
Darin
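Editorial note with an added example (not code from either post above, and not BIND's own logic). Two separate rules are in play in this thread. The wildcard CNAME itself is legal: RFC 1034 section 4.3.2, as clarified by RFC 4592, synthesises a record for any query name whose closest existing ancestor in the zone is the wildcard's parent, which is what Darin's `*.google` lookups show. The zone in the original question has a different problem: it places a CNAME at the apex (`example.com.`) next to the SOA and NS records, and RFC 1034 section 3.6.2 / RFC 2181 section 10.1 forbid an owner name from holding a CNAME together with any other data, so a correct server will not load that zone as written. The toy resolver below implements both rules over a constructed zone in the shape of Darin's, with one extra explicit name (`docs.google`) and a second constructed zone (`APEX_CNAME_ZONE`) to show the conflict check; the function names, the `REFUSED` handling for out-of-zone names and the 192.0.2.10 address are the example's own choices. It returns the CNAME rather than chasing it, which is what an authoritative server does for an out-of-zone target.

```python
"""Toy authoritative lookup showing how a wildcard CNAME is matched.

Added example for this thread; it is not code from the posts above and not
BIND's logic. It follows the owner-name matching rules of RFC 1034 s4.3.2
as clarified by RFC 4592, and the rule of RFC 1034 s3.6.2 / RFC 2181 s10.1
that an owner holding a CNAME may hold no other record type. The zone text
and the name docs.google are constructed for the example.
"""
from collections import defaultdict

ORIGIN = "ipgods.com."

# Constructed zone in the shape of the one posted above, with one explicit
# name under the wildcard added to show the "closest encloser" rule.
ZONE_TEXT = """
@            IN SOA   deru.net. postmaster.deru.net. 2006060701
@            IN NS    ns1.deru.net.
@            IN NS    ns2.deru.net.
@            IN MX    10 mail
@            IN A     140.99.36.235
www          IN A     140.99.36.235
mail         IN A     140.99.36.235
*.google     IN CNAME www.google.com.
docs.google  IN A     192.0.2.10
"""

# Zone in the shape the original question described: a CNAME at the apex
# next to SOA and NS. Constructed; the names are the ones quoted above.
APEX_CNAME_ZONE = """
@  IN SOA   ns1.foo.bar. hostmaster.foo.bar. 1
@  IN NS    ns1.foo.bar.
@  IN NS    ns2.foo.bar.
@  IN CNAME example.net.
*  IN CNAME example.net.
"""


def fqdn(name, origin):
    """Expand a zone-file owner name to an absolute, lower-case name."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def load_zone(text, origin=ORIGIN):
    """Parse 'owner IN type rdata...' lines into {owner: {type: [rdata]}}."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(";"):
            continue
        owner, _cls, rtype, *rdata = parts
        zone[fqdn(owner, origin)][rtype.upper()].append(" ".join(rdata))
    return zone


def validate(zone):
    """Return owners that hold a CNAME together with other data (not allowed)."""
    return sorted(o for o, rrs in zone.items() if "CNAME" in rrs and len(rrs) > 1)


def exists(zone, name):
    """True if name owns records or is an empty non-terminal (RFC 4592 s2.2.2)."""
    return name in zone or any(o.endswith("." + name) for o in zone)


def lookup(zone, qname, qtype, origin=ORIGIN):
    """Answer one query from the zone; returns (rcode, [(owner, type, rdata)])."""
    qname, qtype = qname.lower(), qtype.upper()
    if not qname.endswith("."):
        qname += "."
    if qname != origin and not qname.endswith("." + origin):
        return "REFUSED", []  # not our zone
    if qname in zone:  # an explicit owner is never a wildcard candidate
        rrs = zone[qname]
        if qtype in rrs:
            return "NOERROR", [(qname, qtype, r) for r in rrs[qtype]]
        if "CNAME" in rrs:
            return "NOERROR", [(qname, "CNAME", r) for r in rrs["CNAME"]]
        return "NOERROR", []  # NODATA
    if exists(zone, qname):
        return "NOERROR", []  # empty non-terminal, e.g. google.ipgods.com.
    # Walk up to the closest encloser; only a wildcard hanging directly off
    # it may synthesise an answer (one wildcard can cover several labels).
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if not exists(zone, encloser):
            continue
        src = "*." + encloser
        if src not in zone:
            return "NXDOMAIN", []
        rrs = zone[src]
        rtype = qtype if qtype in rrs else "CNAME" if "CNAME" in rrs else None
        if rtype is None:
            return "NOERROR", []  # wildcard exists but has no such type
        # Synthesised records carry the query name, not the '*' owner name.
        return "NOERROR", [(qname, rtype, r) for r in rrs[rtype]]
    return "NXDOMAIN", []


if __name__ == "__main__":
    zone = load_zone(ZONE_TEXT)
    for name in ("bubba.google.ipgods.com", "google.ipgods.com",
                 "foo.docs.google.ipgods.com", "www.ipgods.com"):
        print(name, lookup(zone, name, "A"))
    print("apex conflict:", validate(load_zone(APEX_CNAME_ZONE, "example.com.")))
```

Three behaviours are worth noticing when running it: `bubba.google.ipgods.com` and `a.b.google.ipgods.com` both get the synthesised CNAME, `google.ipgods.com` itself does not (the wildcard's parent is an existing empty non-terminal, so the answer is NODATA), and `foo.docs.google.ipgods.com` is NXDOMAIN because its closest encloser is `docs.google`, not `google`. For a real BIND zone the same apex-CNAME conflict shows up before the zone is ever served: run `named-checkzone` on the file and it reports the error instead of loading.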