When I have a * entry in my zone file, how can I treat a specific name as nonexistent?
On our main domain, example.com
we're hosting a lot of websites. So we just added a *
A/AAAA record to our zone and pointed it at our webserver.
Sadly, this also causes Outlook to constantly hammer our webserver, because now autodiscover.example.com
points at our webserver. Not only will Outlook constantly try to connect to it, it will also pop open a warning, that the SSL certificate served by autodiscover.example.com
isn't valid for that domain.
To counter that issue, I added an explicit autodiscover
A record and pointed it to 127.0.0.1
, but that just causes other issues (especially when I'm running a webserver locally).
So, ideally, I would want to mark autodiscover
as nonexistent, so that Outlook will skip to a different auto-discovery mechanism. I realize that I could simply maintain a proper list of valid names in our zone, but I was hoping for something that requires less maintenance.
Solution 1:
You can’t set a node name to not resolve, unfortunately. However, as you discovered, if there is a node name defined for autodiscover
, that definition will take precedence over the wildcard record.
What you can do is to set up a definition for autodiscover
, but not as an A/CNAME record. Try. for example, a TXT record instead. From your DNS server’s point of view, the node is defined which means it won’t match the wildcard. From Outlook’s point of view, there is no A record so it can’t be resolved.
This is, of course, provided Outlook behaves sensibly and asks only for A/AAAA. I would not lay any money on that, but it’s worth a try.