Widespread misinterpretation of DNS rules in resolving wildcards

Posted by Dominic Sayers on Server Fault See other posts from Server Fault or by Dominic Sayers
Published on 2013-06-18T13:30:27Z Indexed on 2013/07/02 11:07 UTC
Read the original article Hit count: 393

Filed under:
|

[EDITED to add: This problem has gone away on its own. I believe Cloudflare's name resolution may have been to blame. See my own answer below]

Here is a snippet of my zone file

*.example.com.      300 IN  CNAME   proxy.herokuapp.com.
foo.example.com.    300 IN  A       111.111.111.111

If I dig @8.8.8.8 foo.example.com I get the answer I expect:

;; ANSWER SECTION:
foo.example.com.    30  IN  A   111.111.111.111

The same is true of all other public DNS servers I've tried.

However, when I try to set up a check with Pingdom to a URL on foo.example.com it instead sends the traffic to my Heroku app referenced by the *.example.com RR.

The same is true of checks set up on New Relic, Errplane and traffic generated by the Heroku app itself.

So on the one side, all public DNS servers interpret the zone file one way. Yet four service providers all interpret it a different way, one that differs to the standard suggested by RFC 4592.

My question is: are these reputable, mature service providers all wrong? Or is it little me?

© Server Fault or respective owner

Related posts about dns

Related posts about wildcard