Wouter Wijngaards wrote:

> Issue [4.11]:
> What should happen with a wildcard with RRtype DNAME, i.e.
> *.example.com DNAME example.net. RFC 4592 [RFC4592] discourages
> this. Behaviour unspecified (strict interpretation of RFC 2672 says
> that for queries for which the wildcard is expanded, no DNAME
> processing occurs, and for queries for the '*' label
> ('foo.*.example.com') the DNAME is followed.).
>
> If allowed it will lead to confusion. RFC 4592 already discourages.


We can keep in line with RFC 4592, but the reason is not 'just confusion':
At an authoritative server, *.example DNAME would only affect anything
below *.example, but an explicit query for a DNAME at, e.g., confusing.example,
would 'implant' a DNAME in a cache that then might answer queries for QNAMEs
below 'confusing.example' differently. With DNSSEC, the cache/resolver
would know there was a wildcard expansion, but using that to special case
DNAME doesn't appear too attractive to me. So, wildcard DNAMEs are not
only operationally confusing, but would lead to inconsistent views of
the namespace.

-Peter
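
The inconsistency described in the message above, modelled as an added example that is not part of the original post: a constructed zone "example" whose only record is `*.example DNAME example.net`, an authoritative lookup following the strict RFC 2672 reading quoted above, and a non-validating cache. The function and class names are hypothetical, and a DNAME rewrite is reported as the rewritten name rather than followed to a final answer.

```python
# Constructed zone "example": its only record is *.example DNAME example.net.
APEX = ("example",)
WILDCARD_DATA = {"DNAME": "example.net"}

def labels(name):
    return tuple(name.rstrip(".").lower().split("."))

def substitute(qname, owner, target):
    """DNAME rewrite: replace the owner suffix of qname with target."""
    q = labels(qname)
    return ".".join(q[: len(q) - len(labels(owner))] + labels(target))

def authoritative(qname, qtype):
    """Strict reading: a wildcard-expanded DNAME is returned as data, never followed."""
    q = labels(qname)
    if q[-len(APEX):] != APEX or q == APEX:
        return ("NODATA", None)              # apex / out of zone: not modelled
    if q[-2] == "*":                         # at or below the literal '*' label
        if len(q) == 2:
            data = WILDCARD_DATA.get(qtype)
            return ("ANSWER", data) if data else ("NODATA", None)
        return ("DNAME", substitute(qname, "*.example", WILDCARD_DATA["DNAME"]))
    # Closest encloser is the apex, so *.example is expanded to the full QNAME.
    data = WILDCARD_DATA.get(qtype)
    return ("ANSWER", data) if data else ("NODATA", None)

class Cache:
    """Non-validating cache: cannot tell a synthesized DNAME from a real one."""
    def __init__(self):
        self.dnames = {}                     # owner labels -> DNAME target

    def resolve(self, qname, qtype):
        q = labels(qname)
        for i in range(1, len(q)):           # cached DNAME at a proper ancestor?
            if q[i:] in self.dnames:
                return ("DNAME", substitute(qname, ".".join(q[i:]), self.dnames[q[i:]]))
        rcode, data = authoritative(qname, qtype)
        if rcode == "ANSWER" and qtype == "DNAME":
            self.dnames[q] = data            # the 'implanted' DNAME
        return (rcode, data)

if __name__ == "__main__":
    cold, warm = Cache(), Cache()
    print("cold cache:", cold.resolve("foo.confusing.example", "A"))
    print("implant:   ", warm.resolve("confusing.example", "DNAME"))
    print("warm cache:", warm.resolve("foo.confusing.example", "A"))
```

The same query for `foo.confusing.example` gets NODATA from a cold cache and a rewrite to `foo.example.net` from one that was first asked for the DNAME at `confusing.example`.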
