[ietf-clear] Re: Make CSV backwards compatible with legacy SPF records?

2004-11-18 21:43:08
Use the zone cut as defined in [RFC2181] section 6.

I wish we could drive a stake through the heart of this bad idea.
Much though we would like a wildcard scheme that matched people's
needs better than the one built into DNS servers, zone cuts are not
it.

For one thing, there is no reliable way to find the zone cut above a
DNS name other than walking up the DNS tree one level at a time.  I
realize that BIND usually puts an SOA in a response to give you a hint
where the zone cut is, but that SOA is an entirely optional part of
the response, no RFC mandates or even particularly recommends it, and
there are widely used DNS caches that do not return the SOA.  If you're
going to walk up the tree anyway, there are better options than zone cuts.

Moreover, zone boundaries need not match administrative boundaries.
Zone cuts exist for the convenience of DNS administrators.  It's quite
common to break up one administrative domain into multiple zones, and
it's not unheard of to combine multiple administrative domains into a
single zone if they happen to be hosted on the same DNS server.

Zone cuts do what they do just fine, allow delegation of subtrees of
the DNS, but that doesn't make them wildcards.  So please stop saying
that we should use them as wildcards.  OK?



-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 330 5711
johnl(_at_)iecc(_dot_)com, Mayor, http://johnlevine.com, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
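
The tree walk described in the message above, as an added example that is not part of the original post: it finds the enclosing zone apex by asking for an SOA at each ancestor name in turn, then shows apexes that do not line up with administrative ownership. The zone names and the soa_in_answer() lookup are constructed stand-ins for live DNS queries.

```python
# Constructed data (not real DNS): names that are zone apexes, i.e. names
# for which an SOA query would return an SOA record in the answer section.
ZONE_APEXES = {
    "example.",
    "corp.example.",       # one organisation ...
    "mail.corp.example.",  # ... split into two zones by its DNS admins
    "hosting.example.",    # one zone shared by unrelated hosting customers
}


def soa_in_answer(name):
    """Hypothetical stand-in for a live SOA query against a resolver."""
    return name in ZONE_APEXES


def find_zone_cut(name, has_soa=soa_in_answer):
    """Walk up the tree one label at a time until an SOA is found.

    Returns (apex, queries_made). The hint SOA some servers put in the
    authority section is deliberately not relied on, since it is optional.
    """
    labels = name.rstrip(".").lower().split(".")
    queries = 0
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        queries += 1
        if has_soa(candidate):
            return candidate, queries
    return ".", queries  # nothing below the root is an apex


def same_zone(a, b):
    """True when both names fall under the same zone apex."""
    return find_zone_cut(a)[0] == find_zone_cut(b)[0]


if __name__ == "__main__":
    for n in ("mx1.mail.corp.example.", "www.corp.example.",
              "a.b.alice.hosting.example.", "bob.hosting.example."):
        apex, cost = find_zone_cut(n)
        print(f"{n:30} apex={apex:20} queries={cost}")
    # One administrative domain, two zones:
    print(same_zone("mx1.mail.corp.example.", "www.corp.example."))
    # Two administrative domains, one zone:
    print(same_zone("a.b.alice.hosting.example.", "bob.hosting.example."))
```
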