Publish a record at the zone level.
I believe this is known not to work, because clients cannnot reliably
see zone cuts through a DNS cache other than by walking up or down the
tree and looking for the SOA record. (Caches don't always pass along
the SOA from the additional section since the only useful info there
for normal clients is the TTL which it has anyway.) I also think
there may be some unpleasantness with glue records.
We went through all of this at great length with CSV and concluded
that the least bad way to do faux wildcards with prefixed names was a
tree climb limited to about five levels and stopping at the TLD or
maybe 2LD.
R's,
John
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html