Is setting an empty/blank DNS A record allowed?

I'm trying to wrap my head around the wonderful world of DNS.

I have created a zone file for example.com which contains:

@     A    1.2.3.4
*     A    1.2.3.4

However, I am also setting up my local DNS, local.example.com, for which I have created a separate zone file containing the following:

machine1     A    192.168.0.1
machine2     A    192.168.0.2

When I dig machine1.local.example.com it returns A record 192.168.0.1, great.

Sadly, badmachine.local.example.com returns 1.2.3.4, as does local.example.com.

I'm not sure of the best way to prevent this. If I add the following to the local.example.com zone file, empty A records are returned for the above 2 examples, which is the behaviour I desire:

@     A
*     A

I want anything.example.com to use the wildcard EXCEPT anything in the local.example.com subdomain, which I do not want to give a response unless specified. Essentially I need a wildcard with one exclusion.

Is this allowed? Is this best practice, or am I doing things terribly wrong? I'm using PowerDNS with BIND backend.

Thanks for your thoughts!


Solution 1:

Firstly, your comment to Chris S above clarifies (indeed, modifies) your original question considerably, and I hope you'll forgive me editing it into your original question.

Secondly, null records aren't permitted, as others have noted.

Thirdly, I think the way to do what you want is to declare local.example.com to be a proper subdomain:

local                       IN      NS      ns1.example.com
local                       IN      NS      ns2.example.com

listing the same two nameservers as you currently run for example.com (note: I don't know PowerDNS, so my entries above are in BIND format). Then on those nameservers (which I presume is this nameserver) you declare a zonefile for local.example.com which contains only the hosts you want to resolve, and no wildcard record.

So when people look up foo.example.com, assuming that's not listed, it'll match the existing wildcard record, and return 1.2.3.4 (or whatever). But when people look up foo.local.example.com, the nameserver records for local.example.com will be returned and a further recursion will take place, with your nameserver now looking at the zonefile for local.example.com, and saying (in the absence of a specific record for foo and a wildcard in local.example.com) "no, there is no such record".
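
The lookup behaviour described in Solution 1, as an added example that is not part of the original answer: a simplified model of authoritative lookup (zone-cut check first, then closest-encloser wildcard matching as in RFC 4592) over constructed zone data mirroring the question. The function names and the dict layout are assumptions for illustration, not PowerDNS or BIND code.

```python
# Constructed zone data mirroring the question; SOA records omitted for brevity.
NS = ["ns1.example.com", "ns2.example.com"]
PARENT = {"origin": "example.com", "records": {
    "example.com": {"A": ["1.2.3.4"], "NS": NS},
    "*.example.com": {"A": ["1.2.3.4"]},
    "local.example.com": {"NS": NS},          # delegation (zone cut)
}}
CHILD = {"origin": "local.example.com", "records": {
    "local.example.com": {"NS": NS},          # apex: no A record, no wildcard
    "machine1.local.example.com": {"A": ["192.168.0.1"]},
    "machine2.local.example.com": {"A": ["192.168.0.2"]},
}}

def exists(zone, name):
    """A name exists if it owns records or has descendants (empty non-terminal)."""
    return any(k == name or k.endswith("." + name) for k in zone["records"])

def lookup(zone, qname, qtype="A"):
    """Simplified authoritative lookup within one zone (hypothetical helper)."""
    recs, origin = zone["records"], zone["origin"]
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", None)              # name is outside this zone
    prefix = qname[: len(qname) - len(origin)].rstrip(".")
    encloser = origin
    for label in reversed(prefix.split(".") if prefix else []):
        name = f"{label}.{encloser}"
        if "NS" in recs.get(name, {}):
            return ("REFERRAL", name)         # zone cut: wildcard above it is never consulted
        if not exists(zone, name):
            break
        encloser = name                       # deepest existing ancestor so far
    if encloser == qname:                     # exact match on an existing name
        rrset = recs.get(qname, {}).get(qtype)
        return ("NOERROR", rrset) if rrset else ("NODATA", None)
    wild = recs.get(f"*.{encloser}")          # wildcard directly under closest encloser
    if wild is None:
        return ("NXDOMAIN", None)
    return ("NOERROR", wild[qtype]) if qtype in wild else ("NODATA", None)

def resolve(qname, qtype="A"):
    """Query the parent zone, then follow a referral into the child zone."""
    status, data = lookup(PARENT, qname, qtype)
    if status == "REFERRAL" and data == CHILD["origin"]:
        status, data = lookup(CHILD, qname, qtype)
    return status, data

if __name__ == "__main__":
    for q in ("foo.example.com", "machine1.local.example.com",
              "badmachine.local.example.com", "local.example.com"):
        print(q, resolve(q))
```

In this model local.example.com itself yields NODATA rather than NXDOMAIN, because the name exists as the child zone's apex but has no A record.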

Solution 2:

It would be useful to know exactly what responses you are after. The first two lines quoted in your question set the default response for the domain, and the unmatched record response as well. Hence example.com will be serviced by the "@" record, and anything-that-doesnt-exist.example.com will be serviced by the "*" record. They aren't necessary; you can get rid of both. Setting them to blank values is an invalid configuration (on most systems).