[dns-operations] about wildcard for CNAME

Dave Warren davew at hireahit.com
Mon Jul 4 08:16:37 UTC 2016

On 2016-07-04 00:48, yhpeng at orange.fr wrote:
> I know wildcards can be set up for A, AAAA, MX etc.
> But following this thread,
> http://serverfault.com/questions/44618/is-a-wildcard-cname-dns-record-valid
> it seems wildcards should support CNAME too.
> If I set up this:
> *.example.com.  CNAME  wild.example.net.
> *.example.com.  MX     mail.example.net.
> www.example.com A
> When we query for "www.example.com A" or "www.example.com MX", since
> a CNAME exists, they may conflict and we won't get the
> correct result.
> So we shouldn't set up a wildcard for a CNAME. Am I right?

The wildcard isn't a problem, but the fact that you've placed a 
conflicting MX and CNAME obviously is, so first we need to fix that. 
Assuming this zone is example.com (and assuming we have valid SOA and NS 
records omitted for brevity), let's take the CNAME out to reduce 
confusion and start simple:

*    A
*    MX    0 mail.example.net.
www  A

Query results would look like this (query label, RR type, result)

bob  A
bob  MX    0 mail.example.net.
joe  A
joe  MX    0 mail.example.net.
www  A
www  MX    (no data)

The key here is that once you have any RR for a particular label, it 
overrides the wildcarded results for all RR types. As a result, CNAMEs 
add nothing new here. Start with a simple zone:

*    CNAME wild.example.net.
www  A

And the same queries (query label, RR type, result)

bob  A     CNAME wild.example.net.
bob  MX    CNAME wild.example.net.
joe  A     CNAME wild.example.net.
joe  MX    CNAME wild.example.net.
www  A
www  MX    (no data)

And to be pedantic, I'm assuming you meant "www.example.com." in your 
original message, otherwise it's probably "com.example.com." that you 
overrode with your "www.example.com" record because "www.example.com" 
would expand to "www.example.com.example.com.", but none of that matters 
since you have a conflicting CNAME and MX and therefore your zone 
wouldn't load in the first place.

Dave Warren
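
The lookup behaviour described in the message above, as an added example that is not part of the original post: a simplified model of wildcard matching for single-label names under example.com, plus the load-time check that refuses a CNAME alongside other data. The function names, the `ZoneError` class and the A record addresses (192.0.2.x) are assumptions constructed for illustration.

```python
# Added illustration: wildcard lookup for single-label names under example.com.
# Simplified: no multi-label names, empty non-terminals, or CNAME chasing.
# The A record addresses are constructed (RFC 5737 documentation range).

class ZoneError(ValueError):
    """Raised when a zone would be refused at load time."""

def load_zone(records):
    """Return {owner: {rrtype: [rdata, ...]}}; reject CNAME next to other data."""
    zone = {}
    for owner, rrtype, rdata in records:
        zone.setdefault(owner, {}).setdefault(rrtype, []).append(rdata)
    for owner, rrsets in zone.items():
        if "CNAME" in rrsets and len(rrsets) > 1:
            others = sorted(t for t in rrsets if t != "CNAME")
            raise ZoneError(f"{owner}: CNAME conflicts with {', '.join(others)}")
    return zone

def query(zone, label, rrtype):
    """Answer (label, rrtype) as a list of (type, rdata), or NODATA / NXDOMAIN."""
    rrsets = zone.get(label)
    if rrsets is None:
        # Only a label with no records of any type falls through to the wildcard.
        rrsets = zone.get("*")
        if rrsets is None:
            return "NXDOMAIN"
    if "CNAME" in rrsets and rrtype != "CNAME":
        # The alias is returned whatever type was asked for.
        return [("CNAME", r) for r in rrsets["CNAME"]]
    if rrtype in rrsets:
        return [(rrtype, r) for r in rrsets[rrtype]]
    return "NODATA"

# The zones from the message; addresses are constructed placeholders.
ZONE_PLAIN = [("*", "A", "192.0.2.1"), ("*", "MX", "0 mail.example.net."),
              ("www", "A", "192.0.2.2")]
ZONE_CNAME = [("*", "CNAME", "wild.example.net."), ("www", "A", "192.0.2.2")]
ZONE_CONFLICT = [("*", "CNAME", "wild.example.net."),
                 ("*", "MX", "0 mail.example.net.")]

if __name__ == "__main__":
    for title, records in (("plain", ZONE_PLAIN), ("cname", ZONE_CNAME)):
        zone = load_zone(records)
        for label in ("bob", "joe", "www"):
            for rrtype in ("A", "MX"):
                print(title, label, rrtype, query(zone, label, rrtype))
```
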
