spf-discuss

RE: Zonecuts specified in SPF draft

2005-01-14 16:11:22
william(at)elan.net [william(_at_)elan(_dot_)net] wrote:
> On Fri, 14 Jan 2005, Alex van den Bogaerdt wrote:
> > On Fri, Jan 14, 2005 at 08:53:19PM +0100, Julian Mehnle wrote:
> > > Now, what exactly is the supposed difference between the classic *
> > > and the proposed **/*! again?  That the former only applies to
> > > non-existent domains, while the latter also applies to domains that
> > > already have some RR defined for them?  Or is there another
> > > difference?
> >
> > The new wildcard applies if the RR does not exist; whether this
> > is because the domain does not exist or because the node does
> > not contain the specified RR.
>
> Actually I only wanted if domain exist but has not specified RR. This
> would be safer from the prospect of dns design and integration with
> existing system (and for SPF lookups that means that the new wildcard
> record is only used if answer is NODATA but not with NXDOMAIN - for
> which you usually do not get an AUTHORITY section).

This would be inconsistent with the behavior of *, and I fear that would
scare off the IETF DNS guys more than necessary.  If you really want to do
that, then you should at least call it something like + instead of **, to
indicate that it only applies to domains that already exist.

"**" appears to me like "apply to all domains, existent or not, and even
if there is already defined a RR of the same type, i.e. possibly generate
multiple records of the same type".

*  -- apply only to non-existent domains.

+  -- apply only to existent domains for which there is not already a RR
      of the same type.  (If just "+" is not allowed, make that "*=".)

*+ -- apply to non-existent domains and to existent domains for which
      there is not already a RR of the same type.  (formerly *!)

** -- apply to all (non-existent and existent) domains, regardless if
      there is already a RR of the same type.

(Not that I wanted to define all of those, I just want to give a map of
what I have in mind when choosing a name for the new wildcard.)
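
The four wildcard kinds listed in the message above, as a toy model. This is an added example, not part of the original message or of any SPF or DNS draft; the zone, the names, the wildcard data and the flat lookup (no closest-encloser or empty-non-terminal rules) are constructed assumptions.

```python
# Added example: a toy model of the four wildcard kinds listed in the message.
# Assumptions: one flat zone, a single wildcard owner, no closest-encloser or
# empty-non-terminal handling as real DNS has. All names/records are constructed.

# Lookup outcomes (without wildcards) that each proposed wildcard kind covers.
COVERS = {
    "*":  {"NXDOMAIN"},                      # classic: non-existent names only
    "+":  {"NODATA"},                        # name exists, RR type missing
    "*+": {"NXDOMAIN", "NODATA"},            # formerly "*!"
    "**": {"NXDOMAIN", "NODATA", "ANSWER"},  # always, even beside explicit RRs
}

# Constructed sample zone: owner name -> {rrtype: [rdata, ...]}
ZONE = {
    "example.org":      {"TXT": ["v=spf1 mx -all"], "MX": ["10 mail.example.org"]},
    "mail.example.org": {"A": ["192.0.2.10"]},
    "www.example.org":  {"A": ["192.0.2.20"], "TXT": ["v=spf1 a -all"]},
}
WILDCARD_RRS = {"TXT": ["v=spf1 -all"]}      # data published at the wildcard


def classify(zone, name, rrtype):
    """Outcome of a plain lookup, before any wildcard is considered."""
    if name not in zone:
        return "NXDOMAIN"
    return "ANSWER" if rrtype in zone[name] else "NODATA"


def lookup(kind, name, rrtype, zone=ZONE, wildcard=WILDCARD_RRS):
    """Return (plain outcome, records the client ends up seeing)."""
    outcome = classify(zone, name, rrtype)
    records = list(zone.get(name, {}).get(rrtype, []))
    if outcome in COVERS[kind]:
        records += wildcard.get(rrtype, [])  # synthesized from the wildcard
    return outcome, records


if __name__ == "__main__":
    queries = ["ghost.example.org", "mail.example.org", "www.example.org"]
    for kind in COVERS:
        for name in queries:
            outcome, records = lookup(kind, name, "TXT")
            print(f"{kind:>2}  {name:<18} {outcome:<8} -> {records}")
```

For `**` on `www.example.org` the explicit TXT record and the wildcard TXT record are both returned, which is the "multiple records of the same type" case the message describes.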

