Clarification on wildcard falls into glue records

rams

May 15, 2012, 2:34:57 AM
to bind-users
Hi,
I have an NS record that points to a record [A/AAAA] which falls under a wildcard. But when I query for the NS record against BIND, we are not getting these records as glue records.

ex:
*.a.example.com A 1.1.1.1
example.com. NS abc.a.example.com.

Querying example.com with ANY or NS.
Don't we get glue records for this scenario? Please confirm.

Alexander Gurvitz

May 15, 2012, 10:08:39 AM
to bind-...@isc.org
You should NOT get A records. Wildcard works only for hostnames
that have NO records of ANY type.

From Wikipedia:
To quote RFC 1912, "A common mistake is thinking that a wildcard
MX for a zone will apply to all hosts in the zone. A wildcard MX will
apply only to names in the zone which aren't listed in the DNS at all.
" That is, if there is a wild card MX for *.example.com, and an
A record (but no MX record) for www.example.com, the correct
response (as per RFC 1034) to an MX request for www.example.com
is "no error, but no data"; this is in contrast to the possibly expected
response of the MX record attached to *.example.com.

Regards,
Alexander,
net-me.net

Sam Wilson

May 15, 2012, 10:23:48 AM
to comp-protoc...@isc.org
In article <mailman.797.1337090...@lists.isc.org>,
Alexander Gurvitz <al...@net-me.net> wrote:

> You should NOT get A records. Wildcard works only for hostnames
> that have NO records of ANY type.

Excuse me while I delurk, but this is interesting. Is a name on the RHS
of an RR regarded as existing enough to prevent wildcard lookup? In
this I would have expected the NS lookup to be followed by an A lookup
for abc.a.example.com which would match the wildcard, assuming no other
records match that name on the LHS.

Sam

> From wikipedia:
> To quote RFC 1912, "A common mistake is thinking that a wildcard
> MX for a zone will apply to all hosts in the zone. A wildcard MX will
> apply only to names in the zone which aren't listed in the DNS at all.
> " That is, if there is a wild card MX for *.example.com, and an
> A record (but no MX record) for www.example.com, the correct
> response (as per RFC 1034) to an MX request for www.example.com
> is "no error, but no data"; this is in contrast to the possibly expected
> response of the MX record attached to *.example.com.
>
> Regards,
> Alexander,
> net-me.net
>
> On Tue, May 15, 2012 at 9:34 AM, rams <bram...@gmail.com> wrote:
> > Hi,
> > I have NS record points a record [A/AAAA] which is falls into wildcard . But
> > when I query for NS record against bind, we are not getting these records as
> > glue records.
> >
> > ex:
> > *.a.example.com A 1.1.1.1
> > example.com. NS abc.a.example.com.
> >
> > Querying example.com with any or ns.
> > don't we get glue records for this scenario? please confirm.

--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

Tony Finch

May 15, 2012, 10:53:41 AM
to Sam Wilson, bind-...@isc.org
Sam Wilson <Sam.W...@ed.ac.uk> wrote:
>
> Is a name on the RHS of an RR regarded as existing enough to prevent
> wildcard lookup?

No, only RR owner names.

> In this I would have expected the NS lookup to be followed by an A
> lookup for abc.a.example.com which would match the wildcard, assuming no
> other records match that name on the LHS.

Yes that should work. The latter answer might appear to be missing because
additional section processing is a bit special. In your original question
you mentioned glue, which is only necessary for delegations above the zone
cut, and probably should not rely on wildcards. If this is a zone apex NS
RRset then the server doesn't have to fill in the additional section. See
the example below, from a nameserver that has minimal-responses turned on.

; <<>> DiG 9.8.1-P1 <<>> ns dotat.at
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41609
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;dotat.at. IN NS

;; ANSWER SECTION:
dotat.at. 3600 IN NS ns1.gratisdns.dk.
dotat.at. 3600 IN NS black.dotat.at.
dotat.at. 3600 IN NS puck.nether.net.
dotat.at. 3600 IN NS ns3.gratisdns.dk.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 15 15:52:19 2012
;; MSG SIZE rcvd: 123

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Forties, Cromarty, Forth, Tyne, Dogger: Northwest 5 to 7, occasionally 4 in
Forth and Tyne. Moderate or rough, occasionally very rough in Forties and
Dogger. Showers. Good, occasionally moderate.
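
The lookup rule discussed in this thread, as an added example that is not part of any poster's message and is not BIND code: a minimal wildcard resolver following RFC 1034 section 4.3.3, run over the zone from the original question. The `www.a.example.com.` TXT record, the function names and the status labels are constructed for illustration.

```python
# Added illustration, not BIND code: wildcard lookup per RFC 1034 section 4.3.3.
# Zone is the thread's example plus one constructed TXT record.
ZONE = {  # owner name -> {rrtype: [rdata]}
    "example.com.": {"NS": ["abc.a.example.com."]},
    "*.a.example.com.": {"A": ["1.1.1.1"]},
    "www.a.example.com.": {"TXT": ["constructed record"]},
}

def labels(name):
    return name.rstrip(".").lower().split(".")

def exists(name, zone):
    """A name exists if it owns records or is an ancestor of an owner
    name (empty non-terminal). Names that appear only in RDATA, such as
    an NS target, do not count."""
    suffix = labels(name)
    return any(labels(owner)[-len(suffix):] == suffix for owner in zone)

def lookup(qname, qtype, zone=ZONE):
    """Return (status, rdata); the status strings are labels for this example."""
    qname = qname.lower()
    if exists(qname, zone):
        # An existing owner name blocks the wildcard for every type.
        rrs = zone.get(qname, {}).get(qtype)
        return ("NOERROR", rrs) if rrs else ("NODATA", [])
    # Name does not exist: walk up to the closest existing ancestor and
    # try the wildcard directly beneath it.
    parts = labels(qname)
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:]) + "."
        if exists(encloser, zone):
            wild = zone.get("*." + encloser)
            if wild is None:
                return ("NXDOMAIN", [])
            rrs = wild.get(qtype)
            return ("NOERROR-WILDCARD", rrs) if rrs else ("NODATA", [])
    return ("NXDOMAIN", [])
```

The NS target `abc.a.example.com.` appears only on the right-hand side, so an A query for it is synthesized from the wildcard, while `www.a.example.com.` owns a TXT record and therefore gets no wildcard A answer.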

Sam Wilson

May 15, 2012, 11:10:11 AM
to comp-protoc...@isc.org
In article <mailman.800.1337093...@lists.isc.org>,
Tony Finch <d...@dotat.at> wrote:

> Sam Wilson <Sam.W...@ed.ac.uk> wrote:
> >
> > Is a name on the RHS of an RR regarded as existing enough to prevent
> > wildcard lookup?
>
> No, only RR owner names.
>
> > In this I would have expected the NS lookup to be followed by an A
> > lookup for abc.a.example.com which would match the wildcard, assuming no
> > other records match that name on the LHS.
>
> Yes that should work. The latter answer might appear to be missing because
> additional section processing is a bit special. In your original question
> you mentioned glue, ...

Not I - another poster.

Sam

Tony Finch

May 15, 2012, 12:05:48 PM
to Sam Wilson, bind-...@isc.org
Sam Wilson <Sam.W...@ed.ac.uk> wrote:
>
> Not I - another poster.

Sorry!

SM

May 15, 2012, 2:23:53 PM
to bind-...@isc.org
At 07:08 15-05-2012, Alexander Gurvitz wrote:
> From wikipedia:
>To quote RFC 1912, "A common mistake is thinking that a wildcard

Using Wikipedia to quote RFC 1912 is odd ...

Regards,
-sm
