Wildcard is resolving more than its domain?

[MentosM]

I just noticed a problem with our wildcard setup. It works fine for our domain as *.domain.com will resolve to the IP set.. But also any domain that doesn’t exist is resolving to our IP, even non domains. Example a lookup on "kjsdf" will resolve to our IP.

I had:
* IN A <IP>

Then tried

*.domain.com. IN A <IP>

Same result.. Any help would be appreciated

 

[elgrandeperro]

Why do you want any *.domain.com to resolve to a particular IP?

The problem is the resolver is going to do exactly what you see, any unqualified request (existing or not) will return the wildcard when that domain is appended to the unqualified name.

The only wildcard I use is for MX/mail, to forward mail domains to mail hubs.

gene

 

[MentosM]

Well we would like *domain.com to resolve to our IP, we just don't want nonexistint domains to resolve to our IP.

We do want sldjkf.domain.com to resolve to the IP.. but we don't want jj3jh43j4h.com to resolve to our IP.

Is that possible? I never noticed it until today.

 

[elgrandeperro]

Well, you have it setup right, but it is only when you give the unqualfied name AND domain.com is in your search path that you are going to see a problem.

When you give a unqualified name, you are telling the resolver (on the client side) to append various domains and essentially guess. So if you say "blah", one of the guesses would have to be "blah.domain.com", and by definition of your wild card it matches and gives you back the ip you specify.

It is the client doing the guessing, the server has no idea whether the original request was fully qualified or unqualified.

So it is doing what you want; That is why this is a bad idea!

gene