[Pdns-users] Wildcard CNAME weirdness; getting wildcard NS

Robert van der Meulen powerdns at wiretrip.org
Tue Mar 2 00:37:21 UTC 2004 

Hi,

I've been staring at this for quite some time now, but can't figure out if
this is just me making stupid typo's, or a powerDNS bug.

Consider the following situation (relevant zone excerpts pasted):

PowerDNS 2.9 on a Debian (kernel 2.6.something) box, bind backend for
master zones, secondary zones for a couple of supermasters in a postgresql
database.

I'm using wildcard CNAME records for *.rfc.wiretrip.org within the
wiretrip.org zone, and a couple of other subdomains within the wiretrip.org
zone, but these are delegated.
This is my 'original' (buggy) bind config snippet:

|nomail          IN      A       195.64.82.87
|rfc             IN      CNAME   nomail
|wiretrip.org.   IN      A       195.64.82.87
|
|*.rfc           IN      CNAME   nomail
|
|$ORIGIN ipv6.wiretrip.org.
|                IN      NS      ns.wiretrip.org.
|                IN      NS      ns2.wiretrip.org.
|                IN      NS      ns3.wiretrip.org.
|
|$ORIGIN home.wiretrip.org.
|                IN      NS      ns.wiretrip.org.
|                IN      NS      ns2.wiretrip.org.
|                IN      NS      ns3.wiretrip.org.

.. which gives me the following:

<rvdm at twofish:~> dig @localhost wiretrip.org axfr | grep rfc
rfc.wiretrip.org.       3600    IN      CNAME   nomail.wiretrip.org.
*.rfc.ipv6.wiretrip.org. 3600   IN      NS      ns2.wiretrip.org.
*.rfc.home.wiretrip.org. 3600   IN      NS      ns.wiretrip.org.
*.rfc.ipv6.wiretrip.org. 3600   IN      NS      ns.wiretrip.org.
*.rfc.home.wiretrip.org. 3600   IN      NS      ns3.wiretrip.org.
*.rfc.wiretrip.org.     3600    IN      CNAME   nomail.wiretrip.org.
*.rfc.ipv6.wiretrip.org. 3600   IN      NS      ns3.wiretrip.org.
*.rfc.home.wiretrip.org. 3600   IN      NS      ns2.wiretrip.org.
<rvdm at twofish:~>

It seems powerdns acts on $ORIGIN a bit strangely - or I don't understand
how to use it. When I replace the $ORIGIN bits with something like this:

|*.rfc           IN      CNAME   nomail
|
|ipv6.wiretrip.org. IN   NS      ns.wiretrip.org.
|ipv6.wiretrip.org. IN   NS      ns2.wiretrip.org.
|ipv6.wiretrip.org. IN   NS      ns3.wiretrip.org.
|
|home.wiretrip.org. IN   NS      ns.wiretrip.org.
|home.wiretrip.org. IN   NS      ns2.wiretrip.org.
|home.wiretrip.org. IN   NS      ns3.wiretrip.org.

Things work fine. Things *also* work fine if I keep the $ORIGIN bits in
place, but move the '*.rfc' entry to a different spot in the config file
(just below the 'rfc IN CNAME' entry). 

Am I using $ORIGIN in a way that I shouldn't ? Am I making some typo
somewhere ? The scenario above ($ORIGIN some.sub.domain) might not be the
prettiest way to do things, but it can save a lot of typing (especially in
ipv6 reverse zones ;) ).

Luckily I have a secondary still running bind, who was refusing my zone for
the (valid?) reason of wildcard NS records - my other powerdns secondary
accepted the zone without problems.

Greets,
	Robert
-- 
/^"- '-(\__/)-' -"^\
    '-.' oo '.-' Holy Jesus! What are these goddamn animals?!
       `-..-'       
            Finger rvdm at db.debian.org for my GPG key.

More information about the Pdns-users mailing list