DNS & BIND

DNS & BINDSearch this book
Previous: 15.1 Using CNAME RecordsChapter 15
Miscellaneous
Next: 15.3 A Limitation of MX Records
 

15.2 Wildcards

Something else we haven't covered yet is DNS wildcards. There are times when you want a single resource record to cover any possible name, rather than creating zillions of resource records that are all the same except for the domain name to which they apply. DNS reserves a special character, the asterisk ("*"), to be used in a DNS database file as a wildcard name. It will match any number of labels in a name, as long as there isn't an exact match with a name already in the DNS database.

Most often, you'd use wildcards to forward mail to non-Internet-connected networks. Suppose your site is not connected to the Internet, but you have a host that will relay mail between the Internet and your network. You could add a wildcard MX record to the movie.edu zone for Internet consumption that points all your mail to the relay. Here is an example:

*.movie.edu.  IN  MX  10 movie-relay.nea.gov.

Since the wildcard matches one or more labels, this resource record would apply to names like terminator.movie.edu, empire.fx.movie.edu, or casablanca.bogart.classics.movie.edu. The danger with wildcards is that they clash with search lists. This wildcard also matches cujo.movie.edu.movie.edu, making wildcards dangerous to use in your internal zone data. Remember that some versions of sendmail apply the search list when looking up MX records:

% nslookup
Default Server:  wormhole
Address:  0.0.0.0

> set type=mx                                    - Look up MX records
> cujo.movie.edu                                 - for cujo
Server:  wormhole
Address:  0.0.0.0

cujo.movie.edu.movie.edu     - This isn't a real host's name!
        preference = 10, mail exchanger = movie-relay.nea.gov

What are the limitations of wildcards? Wildcards do not match names for which there is already data. Suppose you did use wildcards within your zone data, as in these partial contents of db.movie:

*     IN  MX  10 mail-hub.movie.edu.
et    IN  MX  10 et.movie.edu.
jaws  IN  A   192.253.253.113
fx    IN  NS  bladerunner.fx.movie.edu.
fx    IN  NS  outland.fx.movie.edu.

Mail to terminator.movie.edu will be sent to mail-hub, but mail to et.movie.edu will be sent directly to et. An MX lookup of jaws.movie.edu would result in a response that said there was no MX data for that name. The wildcard doesn't apply because an A record exists. The wildcard also doesn't apply to domain names in fx.movie.edu, because they don't apply across delegation.

Can you use wildcards safely within your zone data? Yes. We'll cover that case a little later in this chapter.


Previous: 15.1 Using CNAME RecordsDNS & BINDNext: 15.3 A Limitation of MX Records
15.1 Using CNAME RecordsBook Index15.3 A Limitation of MX Records