[Pdns-users] Inconsistent wildcard behaviour with and without DNSSEC
Peter Thomassen
peter at desec.io
Fri Sep 9 02:00:56 UTC 2016
Hi,
I noticed the following inconsistency in the authoritative server, and I
would like to know if it is intended. (I was not unable to figure this
out by looking up the RFCs.)
Let's say we have
*.example.com. IN A 1.2.3.4
a.example.com. IN A 2.3.4.5
Then, without DNSSEC enabled, asking for the A record of b.a.example.com
gives 1.2.3.4. However, with DNSSEC enable, the result is NXDOMAIN.
So, there is a difference in how a wildcard record impacts higher-level
subdomains of a domain which is configured explicitly on the same level
as the wildcard record.
Is this behavior intended?
Best,
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20160908/eb37f7c7/attachment.sig>
More information about the Pdns-users
mailing list