[dns-operations] *.cn A wildcard
Chris Thompson
cet1 at cam.ac.uk
Mon Oct 26 17:42:27 UTC 2009
On Oct 26 2009, Florian Weimer wrote:

>Does a *.cn A wildcard exist or not?

That's a question for a philosopher, I think ...

>From our point of view, there's
>one on ns.cernet.net (202.112.0.44), but not on the other IPv4
>servers.
>
>Does anybody know the reason behind this configuration? It seems to
>be a mismatch of the name server software or
>configuration. [a-e].dns.cn serve the *.cn/IN/A entry, but do not
>expand it.

I confirm your observations (except that I can't get any response
out of c.dns.cn at all).

[abde].dns.cn respond to (CH,TXT,"version.bind") queries with an
obfusticated "BIND" or "BIND-9". I don't know how to configure
BIND to not expand wildcard RRs like that! ns.cernet.net refuses
(CH,TXT,"version.bind") queries.

One can get some interesting results from "host -C cn.". Everything
looks in step if you use the IPv4 addresses, but the IPv6 addresses
for [ad].dns.cn give much smaller serials, which rarely change (while
those at the IPv4 addresses increase every few seconds). So they
clearly aren't talking to the same servers - maybe anycast is
involved here.

One is tempted to describe the situation as ... inscrutable.

--
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.
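
The SOA serial comparison described in the message above, as an added example that is not part of the original post: it parses saved `host -C <zone>` output and reports which server addresses trail the newest serial, split by address family. The sample text, zone name, addresses and serials are constructed, the function names are hypothetical, and serials are compared as plain integers (no RFC 1982 wrap-around handling).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout `host -C <zone>` prints. Addresses are
# documentation ranges and serials are invented, not data from the post.
SAMPLE = """\
Nameserver 192.0.2.1:
\texample has SOA record ns1.example. hostmaster.example. 2009102655 7200 3600 2419200 21600
Nameserver 192.0.2.4:
\texample has SOA record ns1.example. hostmaster.example. 2009102657 7200 3600 2419200 21600
Nameserver 2001:db8::1:
\texample has SOA record ns1.example. hostmaster.example. 2009101203 7200 3600 2419200 21600
Nameserver 2001:db8::4:
\texample has SOA record ns1.example. hostmaster.example. 2009101203 7200 3600 2419200 21600
"""

def parse_host_c(text):
    """Return {ip_address: serial}; servers that gave no SOA line are skipped."""
    serials, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^Nameserver (\S+):$", line.strip())
        if m:
            current = ipaddress.ip_address(m.group(1))
            continue
        m = re.search(r"has SOA record \S+ \S+ (\d+)", line)
        if m and current is not None:
            serials[current] = int(m.group(1))
            current = None
    return serials

def newest_by_family(serials):
    """Highest serial seen per address family, keyed by 4 or 6."""
    best = defaultdict(int)
    for addr, serial in serials.items():
        best[addr.version] = max(best[addr.version], serial)
    return dict(best)

def lagging_servers(serials, max_lag):
    """Addresses whose serial trails the newest one by more than max_lag."""
    newest = max(serials.values())
    return sorted(str(a) for a, s in serials.items() if newest - s > max_lag)

if __name__ == "__main__":
    seen = parse_host_c(SAMPLE)
    print(newest_by_family(seen))
    print(lagging_servers(seen, max_lag=10))
```

For a zone whose serial advances every few seconds, choose `max_lag` to cover the time the tool takes to walk all servers, so that only addresses served from a different data source are reported.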