Wildcards match only one label
SivaKesava1 opened this issue · 1 comments
SivaKesava1 commented
Hello,
Wildcards can match not only one label but multiple whole labels (RFC 1034). Trust-DNS accepts wildcard records but matches only one label.
Consider the following example:
example.com. | 500 | SOA | ns1.outside.com. root.example.com. 3 604800 86400 2419200 604800 |
example.com. | 500 | NS | ns1.outside.com. |
*example.com. | 500 | A | 1.1.1.1 |
For queries of the kind <something.example.com., A>, the server returns the A record. But if the query has more than one label before example.com, then the A record is not returned; instead, an NXDOMAIN is returned. Wildcards are pervasive in DNS - Surveying DNS Wildcard Usage Among the Good, the Bad, and the Ugly.
bluejekyll commented
Thanks for the report. This should be fixable, but will need some attention to detail as it's going to require changing lookup logic in the zones, etc.
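The lookup behaviour the report asks for, as an added example (not Trust-DNS code and not part of the original issue): a toy Rust zone that answers from a wildcard using the closest-encloser rule of RFC 4592, so one wildcard covers one or several missing labels. The names `Zone`, `Answer` and `lookup_a`, the wildcard owner written as `*.example.com`, and the extra host `host.sub.example.com` are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};
#[derive(Debug, PartialEq)]
pub enum Answer { Exact(&'static str), Wildcard(&'static str), NoData, NxDomain }
/// Toy zone holding only A records; names are lowercase, no trailing dot.
pub struct Zone { a: HashMap<String, &'static str>, nodes: HashSet<String> }
impl Zone {
    pub fn new(origin: &str, rrs: &[(&str, &'static str)]) -> Self {
        let mut z = Zone { a: HashMap::new(), nodes: HashSet::from([origin.to_string()]) };
        for (owner, data) in rrs {
            z.a.insert(owner.to_string(), *data);
            let mut n = *owner; // ancestors exist too (empty non-terminals)
            while n != origin {
                z.nodes.insert(n.to_string());
                match n.split_once('.') { Some((_, rest)) => n = rest, None => break }
            }
        }
        z
    }

    pub fn lookup_a(&self, qname: &str) -> Answer {
        let q = qname.trim_end_matches('.').to_ascii_lowercase();
        if self.nodes.contains(&q) {
            // An existing name is never answered from a wildcard.
            return self.a.get(&q).map_or(Answer::NoData, |d| Answer::Exact(*d));
        }
        // Walk up to the closest encloser: the longest ancestor that exists.
        let mut anc = q.as_str();
        while let Some((_, rest)) = anc.split_once('.') {
            anc = rest;
            if self.nodes.contains(anc) {
                // "*.<closest encloser>" covers every label stripped so far.
                let wc = format!("*.{}", anc);
                return match self.a.get(&wc) {
                    Some(d) => Answer::Wildcard(*d),
                    None if self.nodes.contains(&wc) => Answer::NoData,
                    None => Answer::NxDomain,
                };
            }
        }
        Answer::NxDomain
    }
}

fn main() {
    // Constructed sample zone: a wildcard at the apex plus one deeper host.
    let z = Zone::new("example.com", &[("*.example.com", "1.1.1.1"), ("host.sub.example.com", "2.2.2.2")]);
    for q in ["something.example.com.", "a.b.example.com.", "x.sub.example.com."] {
        println!("{} -> {:?}", q, z.lookup_a(q));
    }
}
```

In this sketch `x.sub.example.com.` still gets NXDOMAIN, because `sub.example.com` exists as an empty non-terminal and becomes the closest encloser, which has no wildcard of its own.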