[dns-operations] Wildcard label as CNAME target seen in the wild
Dave Lawrence
tale at dd.org
Thu Mar 7 21:55:07 UTC 2019
Interesting:
; <<>> DiG 9.12.4 <<>> vault-at-sso.edge.chnonprod.net
;;;...
;; ANSWER SECTION:
vault-at-sso.edge.chnonprod.net. 300 IN CNAME \
*.internal-default.edge.chnonprod.net.
*.internal-default.edge.chnonprod.net. 900 IN CNAME \
internal-default.edge.chnonprod.net.
internal-default.edge.chnonprod.net. 60 IN CNAME \
internal-default-us-east-1.edge.chnonprod.net.
internal-default-us-east-1.edge.chnonprod.net. 60 IN A 172.25.97.122
internal-default-us-east-1.edge.chnonprod.net. 60 IN A 172.25.66.57
internal-default-us-east-1.edge.chnonprod.net. 60 IN A 172.25.81.150
This fails on systems which are enforcing LDH hostname rules.
Observed, not just theoretical.
More information about the dns-operations
mailing list