Free Software UK

Discussion about Free Software here in the UK

You are not logged in.

#1 2017-09-13 16:25:29

From: Worthing, South East
Registered: 2016-10-16
Posts: 61

Insane DNS behaviour

Today I found out the hard way that wildcard DNS entries only work if there are no other DNS entries for that subdomain. So a wildcard A record can be broken by adding an SPF entry.

RFC 1912 vaguely mentions this but doesn't explain why.

Do you think this behaviour makes sense? To me it seems extremely dangerous since simply adding an SPF record can break an A record that has been working for years, and you won't notice until the DNS propogates.

Last edited by Xylon (2017-09-14 18:51:18)

Forum Founder and Boss. View my blog and submit to my FS success stories platform.

Fellow of the FSFE (#3509)


#2 2017-09-14 09:52:15

From: Norfolk
Registered: 2016-10-17
Posts: 29

Re: Insane DNS behaviour

Much of DNS seems arbitrary but it doesn't matter as long as it's consistent and documented. SPFs sort-of accompany MXs, so I'm not sure why you'd want one with a wildcard A record - a wildcard CNAME would seem better and hopefully(!) an SPF lookup would treat a wildcard CNAME as an instruction to lookup the SPF of the canonical name but SPF is all a massive bodge anyway so who knows? You're at least five levels deep down the rabbit hole by that point!

You write RFC 1912 but link RFC 1034 BTW.


Board footer

Free Software UK forum - founded by Joseph Graham, hosted by Mythic Beasts, Powered by FluxBB