[dns-operations] *.cn A wildcard
Francisco Arias
francisco at arias.com.mx
Mon Oct 26 19:11:45 UTC 2009
If you try an IDN there seems to be expansion:
I get the same for all .CN servers over IPv4, except c.dns.cn. for
which I get no response.
If you query the CNNIC whois you get the info doesn't exist for the
IDN in both forms. Although I do not know Chinese and there is the
possibility that I'm doing something wrong there.
The IP 159.226.7.162 in the response is registered to CNNIC in the
APNIC WHOIS. When you enter the IDN domain in a web browser you get a
page in Chinese with the CNNIC logo.
Below are a couple of DNS queries I made:
$ dig +norecurse -t any xn--p8sv0elx4a.cn. @ns.cernet.net.
; <<>> DiG 9.4.3-P3 <<>> +norecurse -t any xn--p8sv0elx4a.cn. @ns.cernet.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63336
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 0
;; QUESTION SECTION:
;xn--p8sv0elx4a.cn. IN ANY
;; ANSWER SECTION:
xn--p8sv0elx4a.cn. 21600 IN A 159.226.7.162
;; AUTHORITY SECTION:
cn. 21600 IN NS a.dns.cn.
cn. 21600 IN NS c.dns.cn.
cn. 21600 IN NS e.dns.cn.
cn. 21600 IN NS d.dns.cn.
cn. 21600 IN NS ns.cernet.net.
cn. 21600 IN NS b.dns.cn.
;; Query time: 301 msec
;; SERVER: 202.112.0.44#53(202.112.0.44)
;; WHEN: Mon Oct 26 11:08:43 2009
;; MSG SIZE rcvd: 162
------------
$ dig +norecurse -t any xn--avemaradamepuntera-mybl.cn. @203.119.25.1
; <<>> DiG 9.4.3-P3 <<>> +norecurse -t any
xn--avemaradamepuntera-mybl.cn. @203.119.25.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41818
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7
;; QUESTION SECTION:
;xn--avemaradamepuntera-mybl.cn. IN ANY
;; ANSWER SECTION:
xn--avemaradamepuntera-mybl.cn. 21600 IN A 159.226.7.162
;; AUTHORITY SECTION:
cn. 21600 IN NS e.dns.cn.
cn. 21600 IN NS ns.cernet.net.
cn. 21600 IN NS a.dns.cn.
cn. 21600 IN NS b.dns.cn.
cn. 21600 IN NS c.dns.cn.
cn. 21600 IN NS d.dns.cn.
;; ADDITIONAL SECTION:
a.dns.cn. 86400 IN A 203.119.25.1
a.dns.cn. 86400 IN AAAA 2001:dc7::1
b.dns.cn. 86400 IN A 203.119.26.1
c.dns.cn. 86400 IN A 203.119.27.1
d.dns.cn. 86400 IN A 203.119.28.1
d.dns.cn. 86400 IN AAAA 2001:dc7:1000::1
e.dns.cn. 86400 IN A 203.119.29.1
;; Query time: 212 msec
;; SERVER: 203.119.25.1#53(203.119.25.1)
;; WHEN: Mon Oct 26 12:06:43 2009
;; MSG SIZE rcvd: 311
---------------
$ dig +norecurse -t any *.cn. @203.119.25.1
; <<>> DiG 9.4.3-P3 <<>> +norecurse -t any *.cn. @203.119.25.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12943
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7
;; QUESTION SECTION:
;*.cn. IN ANY
;; ANSWER SECTION:
*.cn. 21600 IN A 159.226.7.162
;; AUTHORITY SECTION:
cn. 21600 IN NS d.dns.cn.
cn. 21600 IN NS e.dns.cn.
cn. 21600 IN NS ns.cernet.net.
cn. 21600 IN NS a.dns.cn.
cn. 21600 IN NS b.dns.cn.
cn. 21600 IN NS c.dns.cn.
;; ADDITIONAL SECTION:
a.dns.cn. 86400 IN A 203.119.25.1
a.dns.cn. 86400 IN AAAA 2001:dc7::1
b.dns.cn. 86400 IN A 203.119.26.1
c.dns.cn. 86400 IN A 203.119.27.1
d.dns.cn. 86400 IN A 203.119.28.1
d.dns.cn. 86400 IN AAAA 2001:dc7:1000::1
e.dns.cn. 86400 IN A 203.119.29.1
;; Query time: 215 msec
;; SERVER: 203.119.25.1#53(203.119.25.1)
;; WHEN: Mon Oct 26 12:08:53 2009
;; MSG SIZE rcvd: 285
__
fjac
2009/10/26 Florian Weimer <fweimer at bfk.de>:
> Does a *.cn A wildcard exist or not? From our point of view, there's
> one on ns.cernet.net (202.112.0.44), but not on the other IPv4
> servers.
>
> Does anybody know the reason behind this configuration? It seems to
> be a mismatch of the name server software or
> configuration. [a-e].dns.cn serve the *.cn/IN/A entry, but do not
> expand it.
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
More information about the dns-operations
mailing list