= DNS/Wildcards =

[[DNS/用語/wildcards]]

How to check whether a record is defined as a wildcard record: this is a feature that is often gotten wrong.

== awsdns ==
Restrictions in AWS: [[/awsdns]]

https://docs.aws.amazon.com/ja_jp/Route53/latest/DeveloperGuide/DomainNameFormat.html#domain-name-format-asterisk

If you create a record named *.example.com and there is no example.com record, Route 53 responds to DNS queries for example.com with NXDOMAIN (non-existent domain).

You can't use the * as a wildcard for records that have a type of NS.

== RFC 4592 ==
This usage is not prohibited, but it is better not to use it.

{{{
4.1. SOA RRSet at a Wildcard Domain Name

      $ORIGIN *.example.
      @                 3600 IN  SOA
                        3600     NS    ns1.example.com.
                        3600     NS    ns1.example.net.
      www               3600     TXT   "the www txt record"

A query for www.*.example.'s TXT record would still find the "the www
txt record" answer. The asterisk label only becomes significant when
section 4.3.2, step 3, part 'c' is in effect.
}}}

{{{
4.2. NS RRSet at a Wildcard Domain Name

With the definition of DNSSEC [RFC4033, RFC4034, RFC4035] now in
place, the semantics of a wildcard domain name owning an NS RRSet has
come to be poorly defined. The dilemma relates to a conflict between
the rules for synthesis in part 'c' and the fact that the resulting
synthesis generates a record for which the zone is not authoritative.
In a DNSSEC signed zone, the mechanics of signature management
(generation and inclusion in a message) have become unclear.

Salient points of the working group discussion on this topic are
summarized in section 4.2.1.
}}}

{{{
As a result of these discussions, there is no definition given for
wildcard domain names owning an NS RRSet. The semantics are left
undefined until there is a clear need to have a set defined, and
until there is a clear direction to proceed. Operationally,
inclusion of wildcard NS RRSets in a zone is discouraged, but not
barred.
}}}
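The following is an added example, not part of the original page or of the RFC: a simplified single-zone lookup that shows when a wildcard answers and when it does not, including the `www.*.example.` case from section 4.1. The function names, the `example.com` zone contents and the addresses are constructed for illustration; CNAME, delegation and DNSSEC handling are left out, and the SOA record of the 4.1 zone is omitted.

```python
# Added example: simplified RFC 4592 wildcard lookup for one zone.
# No CNAME/DNAME, delegation or DNSSEC handling. Zone data is constructed.

def labels(name):
    """Split a domain name into lower-case labels, ignoring the trailing dot."""
    return name.lower().rstrip(".").split(".")

def lookup(zone, origin, qname, qtype):
    """Return (how, rdata); how is 'exact', 'wildcard' or 'nxdomain'."""
    apex = labels(origin)
    rrsets, nodes = {}, set()
    for owner, rtype, rdata in zone:
        ls = labels(owner)
        rrsets.setdefault((tuple(ls), rtype), []).append(rdata)
        # Every name between the owner and the apex exists (empty non-terminals).
        for i in range(len(ls) - len(apex) + 1):
            nodes.add(tuple(ls[i:]))
    q = labels(qname)
    if q[-len(apex):] != apex:
        raise ValueError("qname is outside the zone")
    if tuple(q) in nodes:
        # The name exists: no synthesis, and "*" is an ordinary label here.
        return "exact", rrsets.get((tuple(q), qtype), [])
    # Closest encloser: the longest existing ancestor of qname.
    for i in range(1, len(q) - len(apex) + 1):
        if tuple(q[i:]) in nodes:
            source = ("*",) + tuple(q[i:])
            if source in nodes:
                return "wildcard", rrsets.get((source, qtype), [])
            return "nxdomain", []
    return "nxdomain", []

# Constructed zone: a wildcard A record plus one explicit host with only TXT.
ZONE_COM = [
    ("*.example.com.", "A", "192.0.2.10"),
    ("host.example.com.", "TXT", "constructed sample"),
]

# Zone from RFC 4592 section 4.1 as quoted above (SOA omitted).
ZONE_STAR = [
    ("*.example.", "NS", "ns1.example.com."),
    ("*.example.", "NS", "ns1.example.net."),
    ("www.*.example.", "TXT", "the www txt record"),
]
```

In this model the parent of the wildcard comes back as an existing name with no data; the page above quotes Route 53 as answering NXDOMAIN for that query. Either way, the wildcard never answers for its own parent or for a name that already exists.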