[Pdns-users] DNSSEC and subdomains with wildcards

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri May 30 05:11:27 UTC 2014


Hello Chris,

On 29 May 2014, at 14:22 , Chris <lists at shthead.com> wrote:

> Now I see that 'test.wildcard.testdomain.asia' no longer resolves. Looking in the database there is a new entry for 'test.wildcard.testdomain.asia' with null 'type' and 'content', so I assume that pdns sees that record with no content and figures there is nothing to do.
> 
> My question is, should this happen? Resolving other names on the wildcard look fine, e.g. 'test1.wildcard.testdomain.asia':

Yes, this is intentional behaviour. You will find that other name servers (BIND, NSD) show the same behaviour, even before you enable DNSSEC. Your subdomain.test entry in effect creates a ‘test’ subtree, which means the wildcard no longer applies to queries for anything in .test.

For more information, please see
http://doc.powerdns.com/html/dnssec-modes.html#dnssec-direct-database
https://tools.ietf.org/html/rfc1034#section-4.3.2
https://tools.ietf.org/html/rfc4592#section-2.2

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
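
The lookup rule from RFC 1034 section 4.3.2 and RFC 4592 section 2.2 that the reply above refers to, as an added example that is not part of the original message and is not PowerDNS code. The zone contents are constructed and assume the records in question were '*.wildcard.testdomain.asia' and 'subdomain.test.wildcard.testdomain.asia'; the result labels are hypothetical names, not resolver output.

```python
# Added illustration of wildcard synthesis and empty non-terminals.
# Constructed zone data; assumed from the names mentioned in the thread.
ZONE = "testdomain.asia"
RECORDS = {
    "testdomain.asia": {"SOA"},
    "*.wildcard.testdomain.asia": {"A"},
    "subdomain.test.wildcard.testdomain.asia": {"A"},
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_names(records, zone):
    """Owner names plus every empty non-terminal between them and the apex."""
    apex_len = len(labels(zone))
    names = set()
    for owner in records:
        parts = labels(owner)
        for i in range(len(parts) - apex_len + 1):
            names.add(".".join(parts[i:]))
    return names

def resolve(qname, qtype, records=RECORDS, zone=ZONE):
    qname = ".".join(labels(qname))
    exists = existing_names(records, zone)
    if qname in exists:
        # The name exists (possibly only as an empty non-terminal),
        # so no wildcard is ever consulted for it.
        return "ANSWER" if qtype in records.get(qname, ()) else "NODATA"
    # Walk up to the closest encloser: the longest existing ancestor.
    parts = labels(qname)
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if encloser in exists:
            # Only the wildcard directly below the closest encloser applies.
            wildcard = "*." + encloser
            if wildcard not in records:
                return "NXDOMAIN"
            return "WILDCARD" if qtype in records[wildcard] else "NODATA"
    return "OUT_OF_ZONE"

if __name__ == "__main__":
    for q in ("test1.wildcard.testdomain.asia",
              "test.wildcard.testdomain.asia",
              "foo.test.wildcard.testdomain.asia"):
        print(q, "->", resolve(q, "A"))
```
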
