Wildcard hosts - DNS



  1. Wildcard hosts

    I was wondering if someone would mind highlighting any 'issues' with
    using wildcard hosts.

    ie: *.mydomain.com



  2. Re: Wildcard hosts

    In article , "AF"
    wrote:

    > I was wondering if someone would mind highlighting any 'issues' with
    > using wildcard hosts.
    >
    > ie: *.mydomain.com


    The most common problem is that it prevents getting proper name lookup
    errors from applications that automatically append the local domain
    name. E.g. if you try to look up gooogle.com (let's pretend this
    doesn't exist), and when the application gets an error from DNS it
    retries this as gooogle.com.mydomain.com, this will return a result
    because of the wildcard. So the user never gets told that he misspelled
    google.com.

    Things are even worse for applications and libraries that append the
    default domain BEFORE trying the name as given. Then even if you type
    google.com correctly, it will look up google.com.mydomain.com, and
    return the address from the wildcard rather than the correct address of
    google.com. And unfortunately, there are still quite a few applications
    that work like this (Windows NSLOOKUP seems to be one of them).

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***



  3. Re: Wildcard hosts


    On Aug 25, 2006, at 6:48 PM, Barry Margolin wrote:

    > In article , "AF"
    > wrote:
    >
    >> I was wondering if someone would mind highlighting any 'issues' with
    >> using wildcard hosts.
    >>
    >> ie: *.mydomain.com
    >
    > The most common problem is that it prevents getting proper name lookup
    > errors from applications that automatically append the local domain
    > name. E.g. if you try to look up gooogle.com (let's pretend this
    > doesn't exist), and when the application gets an error from DNS it
    > retries this as gooogle.com.mydomain.com, this will return a result
    > because of the wildcard. So the user never gets told that he misspelled
    > google.com.
    >
    > Things are even worse for applications and libraries that append the
    > default domain BEFORE trying the name as given. Then even if you type
    > google.com correctly, it will look up google.com.mydomain.com, and
    > return the address from the wildcard rather than the correct address of
    > google.com. And unfortunately, there are still quite a few applications
    > that work like this (Windows NSLOOKUP seems to be one of them).


    It also causes problems for a well-known browser behavior of
    prepending "www." and appending ".com" to any single-label domain
    entered as a hostname, but only if the name doesn't look up by itself
    first. (IE doesn't do this, but most other browsers do, starting with
    Netscape 1.something).

    Given the hostname input "foo" and the searchlist "example.com", the
    order of queries is (with most current stub resolvers):

    "foo.example.com"
    "foo"
    "www.foo.com"

    Well, foo.example.com will return a positive answer if *.example.com
    exists and owns an A record.

    BTW: Windows nslookup bypasses the stub resolver, instead imitating
    the behavior of really old stub resolvers (using the search list
    first). That's why it's different (and bad). I don't know of any
    other examples - not saying you're wrong, Barry, I'm just not
    familiar with the examples.

    Chris Buxton
    Men & Mice
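
Added example, not part of any post in this thread: an offline simulation of the search-list behaviour the two replies describe, showing how a wildcard in the search domain masks a typo, shadows a correct name when the search list is tried first, and answers a single-label lookup. The zone contents, addresses, function names and the `has_wildcard` probe are constructed for illustration, and wildcard matching is simplified.

```python
import secrets

# Constructed sample zone data; addresses are RFC 5737 documentation ranges.
ZONE = {
    "google.com": "192.0.2.10",       # stands in for the real record
    "*.mydomain.com": "203.0.113.1",  # the wildcard under discussion
    "*.example.com": "203.0.113.2",
}

def lookup(name, zone=ZONE):
    """Return an address, or None for NXDOMAIN. Simplified matching: an exact
    record wins, otherwise the most specific enclosing '*.<parent>' answers."""
    name = name.rstrip(".").lower()
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in zone:
            return zone[wild]
    return None

def query_order(name, searchlist, search_first=False):
    """Names tried in order. search_first=True models the old behaviour of
    appending the search list before trying the name as given."""
    searched = [f"{name}.{d}" for d in searchlist]
    if search_first or "." not in name:  # single labels go to the list first
        return searched + [name]
    return [name] + searched

def resolve(name, searchlist, search_first=False, zone=ZONE):
    """Return (queried_name, address) for the first query that answers."""
    for q in query_order(name, searchlist, search_first):
        addr = lookup(q, zone)
        if addr is not None:
            return q, addr
    return None, None

def has_wildcard(domain, zone=ZONE):
    """Defender check: a random label that cannot exist should not resolve."""
    return lookup(f"{secrets.token_hex(8)}.{domain}", zone) is not None

if __name__ == "__main__":
    print(resolve("gooogle.com", ["mydomain.com"]))        # typo masked
    print(resolve("google.com", ["mydomain.com"], True))   # real name shadowed
    print(resolve("foo", ["example.com"]))                 # single label
    print(has_wildcard("mydomain.com"))
```

Removing the wildcard entries from the zone makes the misspelled lookup fail with no answer, which is the error the user should have seen.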


