[63108] in North American Network Operators' Group


Re: A list of (mostly) technical consequences of TLD wildcards

daemon@ATHENA.MIT.EDU (Paul Vixie)
Sat Sep 27 11:42:55 2003

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 27 Sep 2003 15:42:18 +0000
In-Reply-To: <Pine.LNX.4.55L.0309271129270.27958@imladris.surriel.com>
Errors-To: owner-nanog-outgoing@merit.edu


> Makes me wonder why Verisign didn't use a (less harmful?) CNAME wildcard ...

The CNAME algorithm in RFC1034 looks for CNAMEs before it looks for wildcards,
meaning that the target of a CNAME could end up matching a wildcard, but the
CNAME owner itself won't be found using the wildcarding rules.  See [4.3.2].

What this means is, there is no such thing as a wildcard CNAME.
-- 
Paul Vixie
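
Added example (not part of the original message, and not code from any DNS server): a Python model of the lookup order in RFC 1034 section 4.3.2 step 3, read literally as the message describes, for a single zone with no delegations. The zone contents and the function names are constructed for illustration; deployed name servers may handle wildcards differently.

```python
# Literal model of RFC 1034 section 4.3.2 step 3 for one zone (no delegations,
# no additional-section processing). Assumption: only the steps the message cites.

ORIGIN = "example."
# Constructed sample zone; addresses are from the documentation range 192.0.2.0/24.
ZONE = {
    "example.":       {"NS": ["ns.example."]},
    "*.example.":     {"A": ["192.0.2.1"]},          # A wildcard at the apex
    "alias.example.": {"CNAME": ["typo.example."]},  # explicit CNAME, target does not exist
    "*.sub.example.": {"CNAME": ["www.example."]},   # attempted "wildcard CNAME"
}

def node_exists(zone, name):
    """A node exists if it owns records or is an ancestor of a name that does."""
    return any(o == name or o.endswith("." + name) for o in zone)

def closest_match(zone, origin, qname):
    """Walk down from the apex label by label; return (node, exact_match)."""
    node = origin
    relative = qname[: -len(origin)].rstrip(".")
    for label in reversed(relative.split(".")) if relative else []:
        child = label + "." + node
        if not node_exists(zone, child):
            return "*." + node, False      # step 3c: look for the "*" label here
        node = child
    return node, True

def resolve(zone, origin, qname, qtype, max_restarts=8):
    answer = []
    for _ in range(max_restarts):          # bound CNAME chains
        if qname != origin and not qname.endswith("." + origin):
            break                          # target left the zone; stop here
        node, exact = closest_match(zone, origin, qname)
        rrsets = zone.get(node, {})
        if exact and "CNAME" in rrsets and qtype != "CNAME":
            # step 3a: CNAME handling happens only on an exact match
            target = rrsets["CNAME"][0]
            answer.append((qname, "CNAME", target))
            qname = target                 # restart with the canonical name
            continue
        # step 3a (no CNAME) or step 3c (wildcard): match QTYPE only;
        # wildcard answers are owned by QNAME, not by the "*" node
        answer += [(qname, qtype, r) for r in rrsets.get(qtype, [])]
        break
    return answer
```

An A query for `alias.example.` follows the explicit CNAME and its target is then synthesized from the `*.example.` wildcard, while an A query for `x.sub.example.` returns nothing because the wildcard step never applies the CNAME rule.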
