[Pdns-users] DNSSEC and subdomains with wildcards

Peter van Dijk peter.van.dijk at netherlabs.nl
Fri May 30 05:11:27 UTC 2014

Hello Chris,

On 29 May 2014, at 14:22 , Chris <lists at shthead.com> wrote:

> Now I see that 'test.wildcard.testdomain.asia' no longer resolves. Looking in the database there is a new entry for 'test.wildcard.testdomain.asia' with null 'type' and 'content', so I assume that pdns sees that record with no content and figures there is nothing to do.
> My question is, should this happen? Resolving other names on the wildcard look fine, eg. 'test1.wildcard.testdomain.asia':

Yes, this is intentional behaviour. You will find that other name servers (BIND, NSD) show the same behaviour, even before you enable DNSSEC. Your subdomain.test entry in effect creates a ‘test’ subtree, which means the wildcard no longer applies to queries for anything in .test.

For more information, please see

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20140530/110bc44f/attachment-0001.sig>

More information about the Pdns-users mailing list