wildcard not working after record deleted


wildcard not working after record deleted

Maria Iano
We have a group of users that need to use a wildcard record in their
zone. Their wildcard works in general, but they have a situation where it
isn't working. They had some records that they deleted, and expected
the wildcard to take over, but it hasn't. If we query a record that
doesn't exist and never has in the zone, then we get the answer from
the wildcard. If we query a record that used to exist but was deleted
and now doesn't exist, then we get no answer. We don't get NXDOMAIN, we
get

status: NOERROR

and no answer.

Has anyone else come across this?

Thanks,
Maria

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: wildcard not working after record deleted

/dev/rob0
On Mon, Jun 19, 2017 at 06:19:31PM -0400, Maria Iano wrote:
> We have a group of users that need to use a wildcard record in
> their zone. Their wildcard works in general, but they have a
> situation where it isn't working. They had some records that they
> deleted, and expected the wildcard to take over, but it hasn't. If
> we query a record that doesn't exist and never has in the zone,
> then we get the answer from the wildcard. If we query a record that
> used to exist but was deleted and now doesn't exist, then we get no
> answer. We don't get NXDOMAIN, we get

NXDOMAIN means there is no data of any type for the queried owner
name.

> status: NOERROR
>
> and no answer.

NOERROR means the query completed successfully, with no error.  It
might mean in your case that there is other data with that owner
name, but no RRset of the requested type.

IOW, when you have a TXT and A record with the same owner:

sample 7200 IN A 192.0.2.53
sample 7200 IN TXT "This is a sample."
* 7200 IN A 192.0.2.101

If you delete the A record, the TXT is still there, and your wildcard
A record in the zone would not be used for that name.

> Has anyone else come across this?

That's the best guess I can come up with without seeing the query and
the zone data.  If you need more help you will have to share that
information.
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: wildcard not working after record deleted

Maria Iano
On Mon, Jun 19, 2017 at 09:08:33PM -0500, /dev/rob0 wrote:

> On Mon, Jun 19, 2017 at 06:19:31PM -0400, Maria Iano wrote:
> > We have a group of users that need to use a wildcard record in
> > their zone. Their wildcard works in general, but they have a
> > situation where it isn't working. They had some records that they
> > deleted, and expected the wildcard to take over, but it hasn't. If
> > we query a record that doesn't exist and never has in the zone,
> > then we get the answer from the wildcard. If we query a record that
> > used to exist but was deleted and now doesn't exist, then we get no
> > answer. We don't get NXDOMAIN, we get
>
> NXDOMAIN means there is no data of any type for the queried owner
> name.
>
> > status: NOERROR
> >
> > and no answer.
>
> NOERROR means the query completed successfully, with no error.  It
> might mean in your case that there is other data with that owner
> name, but no RRset of the requested type.
>
> IOW, when you have a TXT and A record with the same owner:
>
> sample 7200 IN A 192.0.2.53
> sample 7200 IN TXT "This is a sample."
> * 7200 IN A 192.0.2.101
>
> If you delete the A record, the TXT is still there, and your wildcard
> A record in the zone would not be used for that name.
>
> > Has anyone else come across this?
>
> That's the best guess I can come up with without seeing the query and
> the zone data.  If you need more help you will have to share that
> information.

Thanks for your answer. There are no other records with that name in the
zone, and an ANY query comes back empty but still with status of
NOERROR. Unfortunately, I can't provide the query and zone data, and I
do understand that prevents you from helping.

I was hoping someone else had come across this at some point.

Thanks again,
Maria


Re: wildcard not working after record deleted

wbrown
> Thanks for your answer. There are no other records with that name in the
> zone, and an ANY query comes back empty but still with status of
> NOERROR. Unfortunately, I can't provide the query and zone data, and I
> do understand that prevents you from helping.

Not even an SOA record?



Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.

Re: wildcard not working after record deleted

Maria Iano
On Tue, Jun 20, 2017 at 10:02:04AM -0400, [hidden email] wrote:
> > Thanks for your answer. There are no other records with that name in the
> > zone, and an ANY query comes back empty but still with status of
> > NOERROR. Unfortunately, I can't provide the query and zone data, and I
> > do understand that prevents you from helping.
>
> Not even an SOA record?
>
There is an SOA record under the AUTHORITY SECTION. There is no ANSWER
SECTION. Here is what comes back from a dig command, and I apologize for
having to remove the names:

; <<>> DiG 9.10.2-P3 <<>> @<server> <name> any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19780
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;<name> IN ANY

;; AUTHORITY SECTION:
<zone> 300 IN SOA <server> <admin email> 2017062002 1200 600 604800 300

;; Query time: 59 msec
;; SERVER: <server>
;; WHEN: Tue Jun 20 10:14:58 EDT 2017
;; MSG SIZE  rcvd: 108

That is the entire output from the dig command!

Thanks,
Maria


Re: wildcard not working after record deleted

/dev/rob0
In reply to this post by Maria Iano
On Tue, Jun 20, 2017 at 09:17:58AM -0400, Maria Iano wrote:
> Thanks for your answer. There are no other records with that name
> in the zone, and an ANY query comes back empty but still with
> status of NOERROR. Unfortunately, I can't provide the query and
> zone data, and I do understand that prevents you from helping.
>
> I was hoping someone else had come across this at some point.

I can continue to waste our time with guesses, however. :)

Have you tried directed queries to an authoritative nameserver?
Today's guess is that you might be seeing some kind of caching issue.
A directed query like this:

$ dig sample.example.com. any @<auth-ns-IP-addr>

should return the wildcard if all records at "sample.example.com"
have been removed.

If in fact you were querying a caching resolver, is that BIND?  Is
the authoritative nameserver BIND?
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: wildcard not working after record deleted

/dev/rob0
On Tue, Jun 20, 2017 at 09:29:59AM -0500, /dev/rob0 wrote:

> On Tue, Jun 20, 2017 at 09:17:58AM -0400, Maria Iano wrote:
> > Thanks for your answer. There are no other records with that name
> > in the zone, and an ANY query comes back empty but still with
> > status of NOERROR. Unfortunately, I can't provide the query and
> > zone data, and I do understand that prevents you from helping.
> >
> > I was hoping someone else had come across this at some point.
>
> I can continue to waste our time with guesses, however. :)
>
> Have you tried directed queries to an authoritative nameserver?
> Today's guess is that you might be seeing some kind of caching
> issue.

Today's guess retracted, I just saw your followup. :)

> Is the authoritative nameserver BIND?

If so, what version?  You might need to file a bug report (and as of
now the bug database is entirely private; that will be changing soon,
but if you ask them, ISC will keep your bug report private.)

Of course, if the server in question is *not* BIND, you're in the
wrong place to ask. :)
--
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: wildcard not working after record deleted

Maria Iano
In reply to this post by /dev/rob0
On Tue, Jun 20, 2017 at 09:29:59AM -0500, /dev/rob0 wrote:

> On Tue, Jun 20, 2017 at 09:17:58AM -0400, Maria Iano wrote:
> > Thanks for your answer. There are no other records with that name
> > in the zone, and an ANY query comes back empty but still with
> > status of NOERROR. Unfortunately, I can't provide the query and
> > zone data, and I do understand that prevents you from helping.
> >
> > I was hoping someone else had come across this at some point.
>
> I can continue to waste our time with guesses, however. :)
>

I really appreciate that! :)

> Have you tried directed queries to an authoritative nameserver?
> Today's guess is that you might be seeing some kind of caching issue.
> A directed query like this:
>
> $ dig sample.example.com. any @<auth-ns-IP-addr>
>
> should return the wildcard if all records at "sample.example.com"
> have been removed.

The queries are being directed at an authoritative server, exactly as
you describe above.

This issue applies to some records that were deleted on
June 18th. I can't recreate it. I have deleted other records and
found that the wildcard immediately takes over. As far as I can tell
this only applies to the particular set of records deleted on the 18th.
I'm told they were deleted in the same way we always do.

We also pay for a secondary dns provider who pulls our zones from the
same authoritative servers of ours which have this issue.
The wildcard works when we send the query to one of our secondary
provider's name servers.

Here is the answer from one of the secondary provider's servers:

; <<>> DiG 9.10.2-P3 <<>> @<providers-server> <name> any
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13930
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;<name> IN ANY

;; ANSWER SECTION:
<name> 300 IN CNAME <data-in-wilcard-record>

;; Query time: 29 msec
;; SERVER: <providers-server>
;; WHEN: Tue Jun 20 10:40:18 EDT 2017
;; MSG SIZE  rcvd: 82

>
> If in fact you were querying a caching resolver, is that BIND?  Is
> the authoritative nameserver BIND?

Our servers are running bind.

Thanks,
Maria


Re: wildcard not working after record deleted

Maria Iano
In reply to this post by /dev/rob0
On Tue, Jun 20, 2017 at 09:37:04AM -0500, /dev/rob0 wrote:

> On Tue, Jun 20, 2017 at 09:29:59AM -0500, /dev/rob0 wrote:
> > On Tue, Jun 20, 2017 at 09:17:58AM -0400, Maria Iano wrote:
> > > Thanks for your answer. There are no other records with that name
> > > in the zone, and an ANY query comes back empty but still with
> > > status of NOERROR. Unfortunately, I can't provide the query and
> > > zone data, and I do understand that prevents you from helping.
> > >
> > > I was hoping someone else had come across this at some point.
> >
> > I can continue to waste our time with guesses, however. :)
> >
> > Have you tried directed queries to an authoritative nameserver?
> > Today's guess is that you might be seeing some kind of caching
> > issue.
>
> Today's guess retracted, I just saw your followup. :)
>
> > Is the authoritative nameserver BIND?
>
> If so, what version?  You might need to file a bug report (and as of
> now the bug database is entirely private; that will be changing soon,
> but if you ask them, ISC will keep your bug report private.)
>

Good to know, we may go ahead and file a report if we can't figure this
out.

Thanks!
Maria


Re: wildcard not working after record deleted

Bryan Bradsby
In reply to this post by Maria Iano

--
At your service,
Bryan Bradsby

512.936.2248
DIR/CTS/NOC-IT

On Tue, 2017-06-20 at 10:51 -0400, Maria Iano wrote:


> The queries are being directed at an authoritative server, exactly as
> you describe above.
>
> We also pay for a secondary dns provider who pulls our zones from the
> same authoritative servers of ours which have this issue.
> The wildcard works when we send the query to one of our secondary
> provider's name servers.
>
> Here is the answer from one of the secondary provider's servers:
>
> ; <<>> DiG 9.10.2-P3 <<>> @<providers-server> <name> any

> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;<name> IN ANY
>
> ;; ANSWER SECTION:
> <name> 300 IN CNAME <data-in-wilcard-record>

BIND does not allow a CNAME at the apex of the zone, some other flavors
of DNS servers allow this. 

Was the wildcard changed to a CNAME in the last edit?



Re: wildcard not working after record deleted

Matus UHLAR - fantomas
In reply to this post by Maria Iano
>On Mon, Jun 19, 2017 at 09:08:33PM -0500, /dev/rob0 wrote:
>> sample 7200 IN A 192.0.2.53
>> sample 7200 IN TXT "This is a sample."
>> * 7200 IN A 192.0.2.101
>>
>> If you delete the A record, the TXT is still there, and your wildcard
>> A record in the zone would not be used for that name.

On 20.06.17 09:17, Maria Iano wrote:
>Thanks for your answer. There are no other records with that name in the
>zone, and an ANY query comes back empty but still with status of
>NOERROR. Unfortunately, I can't provide the query and zone data, and I
>do understand that prevents you from helping.
>
>I was hoping someone else had come across this at some point.

Note that the existence of a "something.sample" subdomain also means that
"sample" exists and is empty.


--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...

[Fwd: Re: wildcard not working after record deleted]

Bryan Bradsby
In reply to this post by Bryan Bradsby
On Tue, 2017-06-20 at 10:51 -0400, Maria Iano wrote:

BIND does not allow a CNAME at the apex of the zone, some other flavors
of DNS servers allow this. 

Was the wildcard changed to a CNAME in the last edit?


Re: wildcard not working after record deleted

Maria Iano
In reply to this post by Bryan Bradsby
On Tue, Jun 20, 2017 at 10:08:44AM -0500, Bryan Bradsby wrote:

> On Tue, 2017-06-20 at 10:51 -0400, Maria Iano wrote:
> > 
> > The queries are being directed at an authoritative server, exactly as
> > you describe above.
> >
> > We also pay for a secondary dns provider who pulls our zones from the
> > same authoritative servers of ours which have this issue.
> > The wildcard works when we send the query to one of our secondary
> > provider's name servers.
> >
> > Here is the answer from one of the secondary provider's servers:
> >
> > ; <<>> DiG 9.10.2-P3 <<>> @<providers-server> <name> any
> > 
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4096
> > ;; QUESTION SECTION:
> > ;<name> IN ANY
> >
> > ;; ANSWER SECTION:
> > <name> 300 IN CNAME <data-in-wilcard-record>
>
> BIND does not allow a CNAME at the apex of the zone, some other flavors
> of DNS servers allow this. 

At first I was really hopeful that we had our explanation, but then I
realized you are talking about a CNAME for the zone itself, which we
don't have. I think this was a misunderstanding because of my sloppy
editing of the dig results. Replacing our zone name with example.com,
our wildcard record looks like this:

*.example.com. 300 IN CNAME name.cname.points.to.

Here are the results of a dig query for a record that was deleted, and a
dig query for a record that never existed, this time with the names
again replaced (sorry) with something more helpful.

$ dig @ns1.domain.com. deletedname.example.com. any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12 <<>> @ns1.domain.com. deletedname.example.com. any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4107
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;deletedname.example.com. IN ANY

;; AUTHORITY SECTION:
example.com. 300 IN SOA ns1.domain.com. dnsadmin.example.com. 2017062002 1200 600 604800 300

;; Query time: 6 msec
;; SERVER: IPofns1#53(IPofns1)
;; WHEN: Tue Jun 20 11:27:17 2017
;; MSG SIZE  rcvd: 96

$ dig @ns1.domain.com. nonexistentname.example.com. any

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.12 <<>> @ns1.domain.com. nonexistentname.example.com. any
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8568
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 16, ADDITIONAL: 4

;; QUESTION SECTION:
;nonexistentname.example.com. IN ANY

;; ANSWER SECTION:
nonexistentname.example.com. 300 IN CNAME name.cname.points.to.

;; AUTHORITY SECTION:
list of all of our NS records

;; ADDITIONAL SECTION:
list of IPs of our name servers

;; Query time: 1 msec
;; SERVER: IPofns1#53(IPofns1)
;; WHEN: Tue Jun 20 11:27:26 2017
;; MSG SIZE  rcvd: 462

>
> Was the wildcard changed to a CNAME in the last edit?
>

I just checked, and the wildcard record hasn't been changed since 2015.

Thanks,
Maria


Re: wildcard not working after record deleted

Maria Iano
In reply to this post by Matus UHLAR - fantomas
On Tue, Jun 20, 2017 at 05:39:46PM +0200, Matus UHLAR - fantomas wrote:
>
> Note that the existence of a "something.sample" subdomain also means that
> "sample" exists and is empty.
>

That's it! They have www.deletedrecord in the zone! I missed it because
I was searching for deletedrecord* and not *.deletedrecord*.
It didn't help that both of our secondary dns providers do
hand back the wildcard answer to the query. I take it that means they
are not using bind, and their implementations follow different rules for
wildcards.

Thank you all for your time!

Maria


Re: wildcard not working after record deleted

wbrown
In reply to this post by Maria Iano
Can you post a copy of the zone file, changing any server names that
absolutely must be obscured?





Re: wildcard not working after record deleted

Maria Iano
On Tue, Jun 20, 2017 at 12:22:42PM -0400, [hidden email] wrote:
> Can you post a copy of the zone file, changing any server names that
> absolutely must be obscured?
>

Thank you for your help with this, and you are right, if I had sent you
the edited zone file that would have revealed the cause - i.e. the
subdomain records of the deleted records. I had searched for records
beginning with the deleted names, and not records that were
subdomains of the deleted names. Also, our secondary DNS providers hand
out the wildcard record even though the subdomain records exist.

Thanks!
Maria

Re: wildcard not working after record deleted

Cathy Almond
In reply to this post by Maria Iano
On 20/06/2017 14:17, Maria Iano wrote:

> On Mon, Jun 19, 2017 at 09:08:33PM -0500, /dev/rob0 wrote:
>> On Mon, Jun 19, 2017 at 06:19:31PM -0400, Maria Iano wrote:
>>> We have a group of users that need to use a wildcard record in
>>> their zone. Their wildcard works in general, but they have a
>>> situation where it isn't working. They had some records that they
>>> deleted, and expected the wildcard to take over, but it hasn't. If
>>> we query a record that doesn't exist and never has in the zone,
>>> then we get the answer from the wildcard. If we query a record that
>>> used to exist but was deleted and now doesn't exist, then we get no
>>> answer. We don't get NXDOMAIN, we get

As has been explained already, no answer, no error means that the name
exists, but not an RRset of the type you queried for.

Since the ANY query also comes back empty, you've probably got a
situation something like this in the zone:

sample 7200 IN A 192.0.2.53
child.sample 7200 IN A 192.0.2.54
* 7200 IN A 192.0.2.101

If you delete the 'sample' RR, the wildcard will still not match any
queries for sample.  This is because the existence of 'child.sample'
means that 'sample' also exists, even though it has no RRsets of any type.

'sample' in this case is what's called an 'Empty Non-Terminal'.

Does this scenario explain what you are seeing?

Cathy
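
The empty non-terminal rule explained in the message above (RFC 4592), modelled as an added example that is not part of the thread or of BIND: it lists the names in a zone that exist only because a descendant has records, names the owner records responsible, and classifies a query the way the rule implies. The zone contents and all function names are constructed for illustration, and the origin is assumed to own records (its SOA).

```python
# Added example: wildcard lookup with empty non-terminals (ENTs), per RFC 4592.
# Zone contents are constructed; function names are illustrative.
ORIGIN = "example.com."
ZONE = {  # owner name -> record types present at that name
    "example.com.": {"SOA", "NS"},
    "*.example.com.": {"CNAME"},
    "www.deletedname.example.com.": {"A"},  # child left behind after the delete
    "mail.example.com.": {"A", "TXT"},
}


def labels(name):
    """Lowercase labels of an absolute name, root label dropped."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def canon(name):
    """Canonical lowercase absolute form of a name."""
    return ".".join(labels(name)) + "."


def suffixes(name, origin):
    """Ancestors of name inside the zone, nearest first, ending at the origin."""
    n, o = labels(name), labels(origin)
    if len(n) < len(o) or n[len(n) - len(o):] != o:
        raise ValueError(f"{name} is not in zone {origin}")
    return [".".join(n[i:]) + "." for i in range(1, len(n) - len(o) + 1)]


def empty_non_terminals(zone, origin):
    """Names that own no records but exist because a descendant does."""
    owners = {canon(n) for n in zone}
    return {anc for n in owners for anc in suffixes(n, origin)} - owners


def blockers(zone, name):
    """Owner names below `name`; each one keeps `name` in existence."""
    suffix = "." + canon(name)
    return sorted(n for n in zone if n.lower().endswith(suffix))


def classify(zone, origin, qname, qtype):
    """Return ANSWER, WILDCARD, NODATA (NOERROR, empty answer) or NXDOMAIN."""
    owners = {canon(n): types for n, types in zone.items()}
    ents = empty_non_terminals(zone, origin)
    q = canon(qname)
    chain = suffixes(q, origin)  # also checks that q lies inside the zone

    def has_data(types):
        return qtype == "ANY" or qtype in types or "CNAME" in types

    if q in owners:
        return "ANSWER" if has_data(owners[q]) else "NODATA"
    if q in ents:
        return "NODATA"  # the name exists, so no wildcard synthesis happens
    # q does not exist: the closest encloser is its nearest existing ancestor
    # (the origin always qualifies because it owns the SOA).
    encloser = next(a for a in chain if a in owners or a in ents)
    wildcard = "*." + encloser
    if wildcard in owners:
        return "WILDCARD" if has_data(owners[wildcard]) else "NODATA"
    return "NXDOMAIN"


def report(zone, origin):
    """Map each empty non-terminal to the owner names that cause it."""
    return {e: blockers(zone, e) for e in sorted(empty_non_terminals(zone, origin))}


if __name__ == "__main__":
    for ent, kids in report(ZONE, ORIGIN).items():
        print(f"{ent} is an empty non-terminal, kept alive by {kids}")
    for name in ("deletedname.example.com.", "nonexistentname.example.com."):
        print(name, "ANY ->", classify(ZONE, ORIGIN, name, "ANY"))
```

Running `report` over a zone before deleting a record shows whether the wildcard will take over the deleted name or whether child records will leave it as an empty non-terminal.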

Re: wildcard not working after record deleted

Maria Iano
On Tue, Jun 20, 2017 at 11:29:27PM +0100, Cathy Almond wrote:

> On 20/06/2017 14:17, Maria Iano wrote:
>
> As has been explained already, no answer, no error means that the name
> exists, but not an RRset of the type you queried for.
>
> Since the ANY query also comes back empty, you've probably got a
> situation something like this in the zone:
>
> sample 7200 IN A 192.0.2.53
> child.sample 7200 IN A 192.0.2.54
> * 7200 IN A 192.0.2.101
>
> If you delete the 'sample' RR, the wildcard will still not match any
> queries for sample.  This is because the existence of 'child.sample'
> means that 'sample' also exists, even though it has no RRsets of any type.
>
> 'sample' in this case is what's called an 'Empty Non-Terminal'.
>
> Does this scenario explain what you are seeing?
>
> Cathy

Yes it does, that is exactly what was happening and we are in good shape
now. I was able to explain to the users and they plan to delete the child
records. I did recommend to them that they not use wildcard records,
but they continue to need them.

Thank you for the detailed explanation!

Maria
