Widespread misinterpretation of DNS rules in resolving wildcards
Posted
by
Dominic Sayers
on Server Fault
See other posts from Server Fault
or by Dominic Sayers
Published on 2013-06-18T13:30:27Z
Indexed on
2013/07/02
11:07 UTC
Read the original article
Hit count: 393
[EDITED to add: This problem has gone away on its own. I believe Cloudflare's name resolution may have been to blame. See my own answer below]
Here is a snippet of my zone file
*.example.com. 300 IN CNAME proxy.herokuapp.com.
foo.example.com. 300 IN A 111.111.111.111
If I dig @8.8.8.8 foo.example.com
I get the answer I expect:
;; ANSWER SECTION:
foo.example.com. 30 IN A 111.111.111.111
The same is true of all other public DNS servers I've tried.
However, when I try to set up a check with Pingdom to a URL on foo.example.com
it instead sends the traffic to my Heroku app referenced by the *.example.com
RR.
The same is true of checks set up on New Relic, Errplane and traffic generated by the Heroku app itself.
So on the one side, all public DNS servers interpret the zone file one way. Yet four service providers all interpret it a different way, one that differs to the standard suggested by RFC 4592.
My question is: are these reputable, mature service providers all wrong? Or is it little me?
© Server Fault or respective owner