Hurricane Electric's IPv6 Tunnel Broker Forums
June 18, 2013, 10:50:22 pm *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Welcome to Hurricane Electric's Tunnelbroker.net forums!
 
   Home   Help Search Login Register  
Hurricane Electric's IPv6 Tunnel Broker Forums > DNS.HE.NET Topics > General Questions & Suggestions > [SOLVED] Nameserver Delegation vs Wildcard Entry
Pages: [1]
« previous next »
  Print  
Author Topic: [SOLVED] Nameserver Delegation vs Wildcard Entry  (Read 1933 times)
dstest01
Newbie
*
Posts: 8


View Profile
« on: January 25, 2012, 04:24:26 pm »
Hi,

I'm troubled by some unexpected DNS behaviour. Let's say i have a zone x, with a subdomain a.x delegated to other nameservers, and a wildcard entry *.x, defined as CNAME to another subdomain b.x, which is a zone on the nameserver itself.

Now requests like foo.a.x are resolved via the wildcard, the a.x NS entry seems to be totally ignored. Can someone explain this please?

Thanks.
« Last Edit: January 27, 2012, 03:25:15 pm by dstest01 » Logged
snarked
Hero Member
*****
Posts: 581



View Profile
« Reply #1 on: January 26, 2012, 12:30:32 am »
Correct behavior.  No explanation needed.  Learn what a wildcard entry does.  If you want to map names from outside a subdomain into it, maybe you want DNAME?
Logged
dstest01
Newbie
*
Posts: 8


View Profile
« Reply #2 on: January 26, 2012, 09:02:51 am »
Quote from: snarked on January 26, 2012, 12:30:32 am
Correct behavior.  No explanation needed.  Learn what a wildcard entry does.

I tried... RFC1034 states:

Quote
Wildcard RRs do not apply:

   - When the query is in another zone.  That is, delegation cancels
     the wildcard defaults.

The only explanation i can think of right now is that the wildcard CNAME to an NS entry creates a situation where the nameserver sees a.x delegated and foo.a.x as well, then ignores the a.x delegation. But that would be a bug, wouldn't it? Whatever the case is, explanation would be appreciated. Wink

DNAME is not an option here i guess.
Logged
snarked
Hero Member
*****
Posts: 581



View Profile
« Reply #3 on: January 26, 2012, 09:30:46 am »
What makes you think that "foo.a.x" is delegated when "a.x" is?  Because you have a wildcard which it matches, you actually have it listed in the "x" zone and therefore have NOT delegated it.
Logged
dstest01
Newbie
*
Posts: 8


View Profile
« Reply #4 on: January 26, 2012, 12:46:02 pm »
Quote from: snarked on January 26, 2012, 09:30:46 am
What makes you think that "foo.a.x" is delegated when "a.x" is?

1. My feeling for what should be ...
2. The RFC.
3. Testing with other nameservers, running bind and powerdns... if i rebuild my configuration there, both answer with NS records for foo.a.x, what i actually expected...

As i wasn't able to reproduce the behaviour of the he.net nameservers, i wonder what's wrong on which side...

[later] ... so i tested a bit more and:

4. The he.net nameservers are giving me different results for the same query... ns1 answers with the delegation, ns2..5 are using the wildcard... just got even stranger...

edit: Now ns1 is also using the wildcard... testing with dig +norecurse @ns1.he.net asdf.whyst.trds.de
« Last Edit: January 26, 2012, 01:45:07 pm by dstest01 » Logged
dstest01
Newbie
*
Posts: 8


View Profile
« Reply #5 on: January 27, 2012, 03:24:37 pm »
Problem was fixed by an upgrade of the he.net nameservers. Thanks...
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!