Re: wildcards, was Re: dkim technology?

>It's my understanding that in general a wildcard will not apply to a
>name for which there is a record of any RR type associated with it. So
>even if you create a new RR type "XYZ", and publish an XYZ record for
>*.example.com, that record will not be returned for foo.example.com if
>there is an A record for foo.example.com.

You understand correctly. If you point this out on namedroppers, you
will get roundly flamed since it is a smop to run through your zone
files and create the necessary records to cover all existing names,
and you are not allowed to care that it doubles or triples the size of
your zones. It is also easy to create new RR types and if you and
your users have a million machines that can't handle new RRs, you
should just upgrade them.

Vixie agrees that it would be nice if there were some way to do
internal wildcards for SRV records, e.g. _something.*.example.com but
it would completely break DNSSEC to do it on the server. (Of course
it's recently been pointed out that DNSSEC makes it possible to
enumerate all the records in every zone, which appears to run afoul of
European privacy laws, but I don't think we're allowed to care about
that either.) It'd be straightforward to do it on the client side,
perhaps with hints from the server about which names to check, but now
you're back to at least upgrading all of your DNS caches if not all of