5

I'm trying to configure a DNS server for domain.com. I want to configure a wildcard DNS record to resolve any-subdomain.domain.com to a single IP address (172.16.1.3). In my DNS server I have the following records in my forward zone:

[Image: DNS Records]

This somewhat works, except that when I run `nslookup www.domain.com` I get this response:

```
Server: winsrv.domain.com
Address: 172.16.1.2

Name: www.domain.com.domain.com
Address: 172.16.1.3
```

I believe the DNS server is thinking that the entire www.domain.com string is a subdomain of domain.com.

How do I get the DNS server to return the correct line, `Name: www.domain.com`?

Brack
  • Is `domain.com` in this example an Active Directory domain as well? And if so, is this DNS server an AD DNS server? – MDMarra Sep 13 '13 at 19:25
  • Nope, no AD in use. Just a fresh Windows Server 2012 with updates and DNS installed. – Brack Sep 13 '13 at 19:32

1 Answer

3

Here's what I suspect is happening, but I can't prove it on my own systems since I don't want to stick a wildcard record on my DNS servers.

> This somewhat works, except that when I run `nslookup www.domain.com` I get this response:
>
> ```
> Server: winsrv.domain.com
> Address: 172.16.1.2
>
> Name: www.domain.com.domain.com
> Address: 172.16.1.3
> ```

This is because your nslookup query is technically an unqualified name.

You can test this by doing an `nslookup www.domain.com.` (note the trailing period/dot at the end that "qualifies" it) and see if the return is valid now.

EDIT: Yeah, this seems to be the case, because your wildcard entry is invalidating the normal NXDOMAIN response nslookup normally returns in this case, since nslookup always appends the suffix if the lookup doesn't have the trailing period.

For instance, here's one on my computer:

```
> set debug=true
> www.yahoo.com
Server:  dc1.mdmarra.local
Address:  10.10.10.10

------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
        header flags:  response, auth. answer, want recursion, recursion avail.
        questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
        www.yahoo.com.mdmarra.local, type = A, class = IN
    AUTHORITY RECORDS:
```

Notice how it returned NXDOMAIN for www.yahoo.com.mdmarra.local. It will then go on to query just www.yahoo.com using forwarders. Since you have the wildcard entry it thinks your query is valid based on the wildcard.

TheCleaner
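
To make the interaction concrete, here is an added Python sketch (not part of the original answer, and not nslookup's own logic) that models the suffix-first lookup order described above against a constructed copy of the zone. The record set, `SUFFIXES` and every function name are assumptions made for the illustration.

```python
# Added illustration: models the lookup order the answer describes; it is not
# nslookup's or the Windows DNS server's code. All records are constructed.
ORIGIN = "domain.com."
ZONE = {                                  # owner name -> A record (sample data)
    "domain.com.": "172.16.1.2",
    "winsrv.domain.com.": "172.16.1.2",
    "*.domain.com.": "172.16.1.3",        # the wildcard from the question
}
NO_WILDCARD = {k: v for k, v in ZONE.items() if not k.startswith("*.")}
SUFFIXES = ["domain.com"]                 # client's DNS suffix (assumed)


def candidates(name, suffixes=SUFFIXES):
    """Query names in the order tried; a trailing dot means fully qualified."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s}." for s in suffixes] + [name + "."]


def lookup(qname, zone=ZONE, origin=ORIGIN):
    """Answer one fully qualified name from the zone: (rcode, address)."""
    qname = qname.lower()
    if qname != origin and not qname.endswith("." + origin):
        return ("NOT_AUTH", None)         # out of zone; forwarders not modelled
    if qname in zone:
        return ("NOERROR", zone[qname])   # an exact match beats the wildcard
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):       # walk up towards the zone apex
        ancestor = ".".join(labels[i:]) + "."
        if "*." + ancestor in zone:
            return ("NOERROR", zone["*." + ancestor])
        if ancestor in zone:              # closest encloser has no wildcard
            break
    return ("NXDOMAIN", None)


def resolve(name, zone=ZONE):
    """Return (name that answered, address), or (None, None)."""
    for qname in candidates(name):
        rcode, addr = lookup(qname, zone)
        if rcode == "NOERROR":
            return (qname, addr)
    return (None, None)


if __name__ == "__main__":
    for n in ("www.domain.com", "www.domain.com.", "winsrv.domain.com", "www.yahoo.com"):
        print(f"{n:20} -> {resolve(n)}")
```

In this model even a name with its own record, such as `winsrv.domain.com`, comes back with the wildcard address when typed without the trailing dot, because the suffixed form is tried first and the wildcard answers it.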