
I am trying to set up a wildcard entry in MS DNS Server (on Windows Server 2008 within Active Directory) so that requests for all subdomains resolve to the same IP address. For example:

name1.my.subd.plop.com >>> 192.168.255.4

name2.my.subd.plop.com >>> 192.168.255.4

anythingyouwant.my.subd.plop.com >>> 192.168.255.4

I believe this should be simple but I simply can't get it to work! I have tried two options, A records and CNAME records.

The A record in the plop.com domain is simply:

*.my.subd A 192.168.255.25

When I use nslookup to resolve a domain it doesn't report an error OR an IP address. Dig output:

C:\Users\myusername>dig anything.my.subd.plop.com

; <<>> DiG 9.10-P2 <<>> anything.my.subd.plop.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55062
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;anything.my.subd.plop.com.       IN      A

;; AUTHORITY SECTION:
plop.com.           3600    IN      SOA     dns1.plop.com. admin.plop.com. 2012291129     900 600 86400 900

;; Query time: 2 msec
;; SERVER: 192.168.255.10#53(192.168.255.10)
;; WHEN: Wed Jul 23 16:42:31 GMT Summer Time 2014
;; MSG SIZE  rcvd: 113

From a client command prompt PING it simply fails:

C:\Users\myusername>ping anything.my.subd.plop.com
Ping request could not find host anything.my.subd.plop.com. Please check the name
and try again.

If I use a CNAME entry with an "*" nslookup reports the correct IP address but the client PING fails in the same way as above.

I am hoping this is a simple error that someone can help with; I don't mind looking silly if I can get it working, it is driving me nuts!!

More info:

I have created a new zone on my DNS server and added a similar wildcard entry. This works as expected.

I have changed my zone from a Primary Zone to an Active Directory - Integrated Primary which has had no impact on the response.

I added a wildcard A record (*) at the "root" level (i.e. *.plop.com) and this also fails in the same way.

Andy
    Can you include `dig` output that shows off the problem? Also, the trailing dot in the owner name column looks incorrect in the wildcard record in the question but maybe that is more of a question formatting error than anything significant? – Håkan Lindqvist Jul 23 '14 at 14:12
  • I have added some nslookup output for the CNAME lookup. The text with the dot is created for me by the Windows GUI... – Andy Jul 23 '14 at 15:04
  • Ok, but what you added looks like something that worked(?). I was hoping you would add something that shows off the problem. (Also, I think you'll be better off with `dig` in the long run if you're working with dns. It does what you asked and shows the full result, it's also the defacto standard in dns troubleshooting.) – Håkan Lindqvist Jul 23 '14 at 15:09
  • Thank you Håkan! I have installed dig and using that now. I have added output for the A record lookup which doesn't fail BUT doesn't return an IP address. I have also added the output from the PING command which fails to look up the domain. I removed the nslookup output for CNAME as, as you said, this is working as you'd expect... – Andy Jul 23 '14 at 15:51
  • So now it's the actual record listed above in the question (`*.my.subd A 192.168.255.25`) that is present in the zone? It's worth noting that you're not getting an `NXDOMAIN` response but rather an empty `NOERROR` response. This indicates that it is a name that exists but that it doesn't have an `A` record specifically. Is there some other kind of record for `anything.my.subd.plop.com`? The coverage of a wildcard will end at any name that exists. – Håkan Lindqvist Jul 23 '14 at 16:05
  • *.my.subd A 192.168.255.25 is the record in the zone file (I do not edit this directly but through the GUI), there is no record for "anything.my.subd.plop.com". I often use different domains to test, e.g. kl23j4.my.subd.plop.org, monkey.my.subd.plop.org, help.my.subd.plop.org etc – Andy Jul 24 '14 at 08:17
  • Can you share more context (ideally the whole zone) so that one can better understand what is actually going on? – Håkan Lindqvist Jul 24 '14 at 11:18
  • Hi Håkan, I'd prefer not to publicly publish our private DNS entries, perhaps I could mail them to you? – Andy Jul 24 '14 at 11:51


Oh the relief! I have found out why it wasn't working as I expected :-)

My DNS server was set to "Use WINS forward lookup" (Right click the zone and select Properties, choose the WINS tab and deselect "Use WINS forward lookup").

Once deselected it all worked as I expected....

Andy

Did you look up the name before the wildcard record was created? The client and/or the DNS server will have cached this negative lookup result, which will cause your subsequent lookups to still fail after the record was created. I think the default is 24 hrs for it to time out on its own. Try "ipconfig /flushdns" on the client and/or cycling the DNS service on the server to flush the cache there.

Clayton
  • The dig output in the question shows that the `aa` flag is set, meaning this is an authoritative answer, not a potentially cached recursive lookup. – Håkan Lindqvist Jul 23 '14 at 16:56
  • (Negative caching will be based on the `SOA` `MINIMUM` field.) – Håkan Lindqvist Jul 23 '14 at 17:07
  • I have flushed DNS and restarted DNS services to see if it helps. It hasn't. I am also expecting any host to resolve (thanks to the wildcard) so I try new "random" stuff every time (e.g. wdfwf.my.subd.plop.org) and they still don't work. – Andy Jul 24 '14 at 08:14
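To make the distinction Håkan draws in the comments mechanical (an empty NOERROR with the `aa` flag set is an authoritative "name exists, no A record" answer, so flushing caches will not help; a response without `aa` may be a cached negative answer whose lifetime is the SOA MINIMUM), here is an added Python example, not from the question or either answer, that classifies dig output. The first sample is the dig output from the question; the second is a constructed cached NXDOMAIN response for contrast.

```python
import re

# Sample 1: the dig output from the question (authoritative, NOERROR, no answer records).
DIG_NODATA = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55062
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;anything.my.subd.plop.com.       IN      A
;; AUTHORITY SECTION:
plop.com.           3600    IN      SOA     dns1.plop.com. admin.plop.com. 2012291129     900 600 86400 900
"""

# Sample 2 (constructed): a non-authoritative NXDOMAIN, i.e. what a cached negative answer looks like.
DIG_NXDOMAIN_CACHED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
plop.com.           600     IN      SOA     dns1.plop.com. admin.plop.com. 2012291129     900 600 86400 900
"""

def parse_dig(text):
    """Pull status, header flags, section counts and the SOA MINIMUM field out of dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r";; flags: ([^;]*);", text).group(1).split())
    counts = {k: int(v) for k, v in re.findall(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text)}
    # SOA RDATA: mname rname serial refresh retry expire minimum; the last field bounds negative caching.
    soa = re.search(r"\sSOA\s+\S+\s+\S+\s+\d+\s+\d+\s+\d+\s+\d+\s+(\d+)", text)
    return {"status": status, "flags": flags, "counts": counts,
            "neg_ttl": int(soa.group(1)) if soa else None}

def classify(text):
    """Return (kind, source) describing what the response means for troubleshooting."""
    r = parse_dig(text)
    if r["status"] == "NXDOMAIN":
        kind = "NXDOMAIN: the name does not exist"
    elif r["status"] == "NOERROR" and r["counts"].get("ANSWER", 0) == 0:
        kind = "NODATA: the name exists but has no A record, so no wildcard applies"
    elif r["status"] == "NOERROR":
        kind = "answered"
    else:
        kind = r["status"]
    if "aa" in r["flags"]:
        source = "authoritative: not a cached answer, flushing caches will not change it"
    else:
        source = "non-authoritative: may be cached for up to %s s (SOA MINIMUM)" % r["neg_ttl"]
    return kind, source

if __name__ == "__main__":
    for sample in (DIG_NODATA, DIG_NXDOMAIN_CACHED):
        print(*classify(sample), sep=" | ")
```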