[dns-operations] about wildcard for CNAME
Dave Warren
davew at hireahit.com
Mon Jul 4 08:16:37 UTC 2016
On 2016-07-04 00:48, yhpeng at orange.fr wrote:
> I know wildcard can be setup for A,AAAA,MX etc.
> But following this thread,
> http://serverfault.com/questions/44618/is-a-wildcard-cname-dns-record-valid
>
> it seems wildcards should support CNAME too.
>
> if I setup this:
>
> *.example.com. CNAME wild.example.net.
> *.example.com. MX mail.example.net.
> www.example.com A 192.168.1.100
>
> When we query for "www.example.com A" or "www.example.com MX", since
> a CNAME exists, they may conflict, and we won't get the
> correct result.
>
> So we shouldn't set up a wildcard for a CNAME. Am I right?
The wildcard isn't a problem, but the fact that you've placed a
conflicting MX and CNAME obviously is, so first we need to fix that.

Assuming this zone is example.com (and assuming we have valid SOA and NS
records omitted for brevity), let's take the CNAME out to reduce
confusion and start simple:

    *    A   192.168.1.100
    *    MX  0 mail.example.net.
    www  A   192.168.1.101

Query results would look like this (query label, RR type, result):

    bob  A   192.168.1.100
    bob  MX  0 mail.example.net.
    joe  A   192.168.1.100
    joe  MX  0 mail.example.net.
    www  A   192.168.1.101
    www  MX  (no data)

The key here is that once you have any RR for a particular label, it
overrides the wildcarded results for all RR types. As a result, CNAMEs
add nothing new here. Start with a simple zone:

    *    CNAME  wild.example.net.
    www  A      192.168.1.101

And the same queries (query label, RR type, result):

    bob  A   CNAME wild.example.net.
    bob  MX  CNAME wild.example.net.
    joe  A   CNAME wild.example.net.
    joe  MX  CNAME wild.example.net.
    www  A   192.168.1.101
    www  MX  (no data)

And to be pedantic, I'm assuming you meant "www.example.com." in your
original message, otherwise it's probably "com.example.com." that you
overrode with your "www.example.com" record because "www.example.com"
would expand to "www.example.com.example.com.", but none of that matters
since you have a conflicting CNAME and MX and therefore your zone
wouldn't load in the first place.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
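
Added example, not part of the original message: a small Python model of the lookup behaviour described in the reply above, covering the wildcard being skipped for any name that exists, a wildcard CNAME answering every query type, relative owner names being expanded against the origin, and a zone with CNAME plus other data at one owner being refused. The function names and the simplified closest-encloser walk are assumptions made for illustration, not the code of any real name server.

```python
ORIGIN = "example.com."  # zone origin, as assumed in the reply above

def fqdn(owner, origin=ORIGIN):
    """Zone-file rule: an owner without a trailing dot is relative to the origin."""
    return owner.lower() if owner.endswith(".") else f"{owner}.{origin}".lower()

def load_zone(records, origin=ORIGIN):
    """Return {owner: {rrtype: [rdata]}}; reject CNAME mixed with other data."""
    zone = {}
    for owner, rrtype, rdata in records:
        zone.setdefault(fqdn(owner, origin), {}).setdefault(rrtype, []).append(rdata)
    for owner, rrsets in zone.items():
        if "CNAME" in rrsets and len(rrsets) > 1:
            raise ValueError(f"{owner} has CNAME and other data")
    return zone

def exists(zone, name):
    """A name exists if it owns records or has existing descendants."""
    return any(o == name or o.endswith("." + name) for o in zone)

def lookup(zone, qname, qtype):
    """Answer one fully qualified query as (status, rdata), simplified wildcard rules."""
    qname = qname.lower()
    if exists(zone, qname):
        node = zone.get(qname, {})  # explicit name: the wildcard is never consulted
    else:
        encloser = qname
        while encloser and not exists(zone, encloser):
            encloser = encloser.split(".", 1)[1]  # strip the leftmost label
        node = zone.get("*." + encloser)
        if node is None:
            return ("NXDOMAIN", None)
    if "CNAME" in node and qtype != "CNAME":
        return ("CNAME", node["CNAME"])  # the alias answers every other type
    return (qtype, node[qtype]) if qtype in node else ("NODATA", None)

# The two zones from the reply, plus the zone as originally posted (constructed input).
ZONE_A = load_zone([("*", "A", "192.168.1.100"), ("*", "MX", "0 mail.example.net."),
                    ("www", "A", "192.168.1.101")])
ZONE_CNAME = load_zone([("*", "CNAME", "wild.example.net."), ("www", "A", "192.168.1.101")])
POSTED = [("*.example.com.", "CNAME", "wild.example.net."),
          ("*.example.com.", "MX", "mail.example.net."),
          ("www.example.com", "A", "192.168.1.100")]

if __name__ == "__main__":
    for name in ("bob", "joe", "www"):
        for qtype in ("A", "MX"):
            print(name, qtype, lookup(ZONE_CNAME, fqdn(name), qtype))
    try:
        load_zone(POSTED)
    except ValueError as err:
        print("zone rejected:", err)
```

Dropping the MX line from `POSTED` lets the zone load, and a query for `com.example.com.` then returns no data instead of the wildcard CNAME, because the relative `www.example.com` owner created names beneath it.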