[Pdns-dev] [PATCH] Possible wildcard bug

Mike Wilson geekinutah at gmail.com
Thu Feb 17 11:14:19 CET 2011


And here is the patch of course.

On Thu, Feb 17, 2011 at 3:13 AM, Mike Wilson <geekinutah at gmail.com> wrote:
> Hey noticed this while testing PowerDNS Authoritative Nameserver
> 2.9.22. Here's my config file:
>
> logging-facility=0
> skip-cname=no
> launch=gmysql
> gmysql-user=pdns
> gmysql-password=*secret*
> gmysql-dbname=pdns
> loglevel=9
> wildcards=yes
> daemon=yes
> soa-expire-default=300
> soa-minimum-ttl=60
> distributor-threads=1
> out-of-zone-additional-processing=yes
> recursor=8.8.8.8
>
>
> Let's say I have a wildcard record pointing to 1.1.1.1 for zone. I
> also have example.zone in my database. When I query the nameserver for
> nonexistentsubdomain.example.zone I would always get 1.1.1.1 as my
> answer. I was expecting to get no answer at all rather than the
> wildcard for zone. I'm not an expert at DNS, but looking at RFC 1034
> it seems like my expectations match with the required behavior and I
> cannot find anything in RFC 4592 that would seem to change that.
> Specifically, this is the part it seems to violate from section 4.3.3
> of RFC 1034:
>
> Wildcard RRs do not apply:
>
>  - When the query is in another zone.  That is, delegation cancels
>    the wildcard defaults.
>
>  - When the query name or a name between the wildcard domain and
>    the query name is know to exist.  For example, if a wildcard
>    RR has an owner name of "*.X", and the zone also contains RRs
>    attached to B.X, the wildcards would apply to queries for name
>    Z.X (presuming there is no explicit information for Z.X), but
>    not to B.X, A.B.X, or X.
>
> I wrote a patch to correct the behavior if it is indeed a bug. The
> patch is included. What do you guys think? I realize that it doesn't
> cover the whole case of "the zone also contains RRs attached to B.X",
> but checking to see if we are authoritative for that domain would seem
> like a good place to stop the wildcard search.
>
> -Mike Wilson
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pdns-2.9.22-rfc1034.section.4.3.3.patch
Type: text/x-patch
Size: 2307 bytes
Desc: not available
URL: <http://mailman.powerdns.com/pipermail/pdns-dev/attachments/20110217/8a775059/attachment.bin>
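
The wildcard rule from RFC 1034 section 4.3.3 quoted in the message above, as an added example that is not part of the original post, the attached patch, or PowerDNS itself. It assumes a single zone with no delegations, modelled as a set of owner names; the function names and the sample zone contents are constructed for illustration.

```python
# Added illustration; not PowerDNS code and not the attached patch.
# Assumption: one zone, no delegations, names compared case-insensitively.

def labels(name):
    """Split a domain name into labels, dropping a trailing dot."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def existing_names(owners):
    """Every owner name plus all of its ancestors.

    An ancestor with no records of its own (an empty non-terminal)
    still counts as an existing name and blocks wildcards above it.
    """
    exists = set()
    for owner in owners:
        parts = labels(owner)
        for i in range(len(parts)):
            exists.add(".".join(parts[i:]))
    return exists

def wildcard_for(qname, owners):
    """Return the wildcard owner that may answer qname, or None.

    The search stops at the closest existing ancestor of qname: only a
    wildcard directly below that ancestor applies, so "*.zone" cannot
    answer for names underneath an existing "example.zone".
    """
    owner_set = {".".join(labels(o)) for o in owners}
    exists = existing_names(owners)
    q = ".".join(labels(qname))
    if q in exists:
        return None  # the query name itself exists: no wildcard synthesis
    parts = labels(q)
    for i in range(1, len(parts)):
        ancestor = ".".join(parts[i:])
        if ancestor in exists:
            candidate = "*." + ancestor
            return candidate if candidate in owner_set else None
    return None  # no existing ancestor: the name is outside this zone

# Constructed sample data mirroring the report: a wildcard for "zone"
# and a separate record at "example.zone".
REPORTED_ZONE = {"*.zone", "example.zone"}
# Constructed sample data mirroring the RFC 1034 text: "*.X" and "B.X".
RFC_ZONE = {"*.x", "b.x"}
```

With `REPORTED_ZONE`, `wildcard_for("nonexistentsubdomain.example.zone", REPORTED_ZONE)` returns `None`, which is the behaviour the message expects, while a name such as `other.zone` is still answered by `*.zone`.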

