Wildcard entries returning answers for non-matching zone in authoritative nameserver
pinheadmz opened this issue · 1 comments
pinheadmz commented
Trying to run an AuthServer
locally with both of these setups:
// Setup 1: the wildcard owner is written as a fully-qualified name
// (trailing dot) under the origin that was just set.
server.setOrigin('myzone.');
server.zone.fromString('*.myzone. 21600 IN A 10.20.30.40');
// Setup 2: the wildcard owner is a bare `*` with no trailing dot,
// presumably resolved relative to the origin set on the line below.
server.setOrigin('myzone.');
server.zone.fromString('* 21600 IN A 10.20.30.40');
In both cases I'm getting unexpected results for names that do not match the zone:
dig @127.0.0.1 -p 5300 test.com
; <<>> DiG 9.14.6 <<>> @127.0.0.1 -p 5300 test.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16083
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.com. IN A
;; ANSWER SECTION:
test.myzone. 21600 IN A 10.20.30.40
;; Query time: 10 msec
;; SERVER: 127.0.0.1#5300(127.0.0.1)
;; WHEN: Mon Apr 27 15:01:21 EDT 2020
;; MSG SIZE rcvd: 64
bns is attaching the first label of the query name (`test`) to the zone origin and returning that record as the answer, even though `test.com.` is outside `myzone.`.
pinheadmz commented
Possible solution:
diff --git a/lib/zone.js b/lib/zone.js
index 2568026..f52f051 100644
--- a/lib/zone.js
+++ b/lib/zone.js
@@ -532,6 +532,9 @@ function convert(name, rr) {
assert(y.length > 0);
+ if (x[x.length - 1] !== y[y.length - 1])
+ return null;
+
if (x.length < y.length)
return rr;
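Review bot: The added guard compares only the last element of `x` and `y`, so it rejects `test.com.` against `*.myzone.` but would still let a query in an unrelated zone that shares the final label be rewritten, for example (constructed) `test.other.com.` against a wildcard `*.example.com.`. An authoritative server should synthesise a wildcard answer only when every label of the record name after the leading `*` matches the corresponding trailing labels of the query name, compared case-insensitively, so the check needs to cover the whole suffix rather than the final label. How `x` and `y` are built is outside the hunk; if they hold label offsets rather than label strings, `x[x.length - 1] !== y[y.length - 1]` compares positions and needs to compare the label text instead. `return null` is also a new return value for `convert`, whose callers are not visible here, so each of them has to treat null as "no match" rather than pass it on as a record.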