This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug network/12154] Cannot resolve hosts which have wildcard aliases
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 01 Mar 2016 05:22:30 +0000
- Subject: [Bug network/12154] Cannot resolve hosts which have wildcard aliases
- Auto-submitted: auto-generated
- References: <bug-12154-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=12154
--- Comment #11 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Charlie Brady from comment #7)
> (In reply to Florian Weimer from comment #6)
>
> > glibc follows the syntactical requirements of RFC 1123:
> >
> > http://tools.ietf.org/html/rfc1123#page-13
> >
> > extended with support for underscores in 1998.
>
> rfc 4592 "The Role of Wildcards in the Domain Name System" (from 2006) needs
> to be considered.
Not really. I'll try to explain why, but this is somewhat tricky.
Technically, no wildcard is involved here, because that's not a DNS feature
which is visible on the interface between authoritative server and recursor.
> I found this issue when investigating lookup failures on the name
> 3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com.
>
> DNS is returning a valid response:
>
> Answers
> 3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com: type CNAME,
> class IN, cname *.um.outlook.com
> .glbdns2.microsoft.com
> Name: 3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com
> Type: CNAME (Canonical NAME for an alias) (5)
> Class: IN (0x0001)
> Time to live: 297
> Data length: 37
> CNAME: *.um.outlook.com.glbdns2.microsoft.com
That's the questionable bit. Wildcards cannot be used on the right hand side
of a CNAME record because the server will not expand them. In this position,
"*" is just a label like any other which is not
It happens to work without host name checks because "*" as a label is matched
by the wildcard:
> *.um.outlook.com.glbdns2.microsoft.com: type CNAME, class IN, cname
> wildcard-namnorth.um.outlook.com
> Name: *.um.outlook.com.glbdns2.microsoft.com
> Type: CNAME (Canonical NAME for an alias) (5)
> Class: IN (0x0001)
> Time to live: 300
> Data length: 20
> CNAME: wildcard-namnorth.um.outlook.com
"*" is both a valid DNS label (but not for host names), and used (in a form of
in-band signaling) to mark DNS records for wildcard processing (on the
left-hand side). But on the DNS query interface, you never see "*" in its
wildcard role, it's always a regular label.
> https://groups.google.com/forum/#!topic/comp.protocols.dns.bind/bVSyx6oLiAA
The conclusion of this thread seems to be that the current glibc behavior is
correct. I disagree to some extent; I think we should accept such responses
and extract address information from them (but not all alias information).
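The policy proposed at the end of the message (follow the alias chain to the address, but report only names that pass the host name check), as an added example that is not part of the original message and is not glibc code. The syntax rule is a simplified assumption, `hostname_ok`, `resolve`, `struct rr` and `sample` are hypothetical names, and the address record with 192.0.2.10 is constructed.

```c
#include <ctype.h>
#include <string.h>

/* Simplified host name syntax (an assumption, not glibc's code): dot-separated
   labels of letters, digits, '-' and '_', with no leading or trailing '-'. */
int hostname_ok(const char *name) {
    size_t len = strlen(name), start = 0;
    if (len > 0 && name[len - 1] == '.') len--;   /* allow a trailing root dot */
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i <= len; i++) {
        if (i == len || name[i] == '.') {         /* a label just ended */
            size_t n = i - start;
            if (n == 0 || n > 63 || name[start] == '-' || name[i - 1] == '-') return 0;
            start = i + 1;
        } else if (!isalnum((unsigned char)name[i]) && name[i] != '-' && name[i] != '_')
            return 0;                             /* '*' is rejected here */
    }
    return 1;
}

/* One record of a response: a CNAME (cname set) or an address (addr set). */
struct rr { const char *owner, *cname, *addr; };

/* Constructed sample: the two CNAME records quoted in the message plus a
   made-up address record (192.0.2.10 is a documentation address). */
const struct rr sample[] = {
    { "3d06bae3-cff4-43c6-825d-96175822a583.um.outlook.com",
      "*.um.outlook.com.glbdns2.microsoft.com", NULL },
    { "*.um.outlook.com.glbdns2.microsoft.com", "wildcard-namnorth.um.outlook.com", NULL },
    { "wildcard-namnorth.um.outlook.com", NULL, "192.0.2.10" },
};

/* Follow the chain from `query`: every CNAME target is followed, but only
   targets passing hostname_ok are reported in names[]. Returns the address
   or NULL; the step bound stops CNAME loops. Names are assumed lowercase. */
const char *resolve(const struct rr *rrs, size_t n, const char *query,
                    const char **names, size_t max, size_t *count) {
    *count = 0;
    for (size_t step = 0; step <= n; step++) {
        const struct rr *hit = NULL;
        for (size_t i = 0; i < n && !hit; i++)
            if (strcmp(rrs[i].owner, query) == 0) hit = &rrs[i];
        if (!hit || hit->addr) return hit ? hit->addr : NULL;
        if (hostname_ok(hit->cname) && *count < max) names[(*count)++] = hit->cname;
        query = hit->cname;
    }
    return NULL;
}
```

On the sample, the address is returned and `wildcard-namnorth.um.outlook.com` is the only name reported, while the intermediate `*` name is traversed but withheld from the caller.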