[dns-operations] Akamai now works with ENT (Empty Non-Terminals)?
tale at dd.org
Wed Apr 17 18:28:43 UTC 2019
Shumon Huque writes:
> ;*.h4ha.net. IN A
> *.h4ha.net. RRSIG A 13 2 [...]
> *.h4ha.net. A 220.127.116.11
> Interesting problem. So the wildcard can be queried directly and validates
There's a subtle bit of terminology massaging that is probably
required here. It's not quite the case that the wildcard is being
queried directly, but rather that the * label in the query is hitting
the wildcard expansion and is then replaced by a * label and thus
returning something that looks like the wildcard name but isn't
really. At least that's what's going on in the sense of the DNS
standards; I've got no idea how that server might be handling things
in its code.
It's not really different than querying :.h4ha.net. Oddly it is
different from querying ,.h4ha.net, which I tried first but returned
ServFail -- but then I just tried ,.h4ha.net again and got NoError so
something odd is going on. Digs were done just against my default
DNSSEC-validating and caching resolver so maybe the first validation
failed but subsequent ones somehow found what the validator needed. I
didn't look closely.
More information about the dns-operations