I'm trying to wrap my head around the wonderful world of DNS.
I have created a zone file for example.com which contains:
@ A 1.2.3.4
* A 1.2.3.4
However I am also setting up my local DNS, local.example.com which I have created a separate zone file for containing the following:
machine1 A 192.168.0.1
machine2 A 192.168.0.2
When I dig machine1.local.example.com it returns A record 192.168.0.1, great.
Sadly, badmachine.local.example.com returns 1.2.3.4, as does local.example.com.
I'm not sure of the best way to prevent this. If I add the following to local.example.com, empty A records are returned for the above two examples, which is the behaviour I desire:
@ A
* A
I want anything.example.com to use the wildcard EXCEPT anything in the local.example.com subdomain which I do not want to give a response unless specified. Essentially I need a wild card with one exclusion.
Is this allowed? Is this best practice, or am I doing things terribly wrong? I'm using PowerDNS with BIND backend.
Thanks for your thoughts!
Best Answer
Firstly, your comment to Chris S above clarifies (indeed, modifies) your original question considerably, and I hope you'll forgive me editing it into your original question.
Secondly, null records aren't permitted, as others have noted.
Thirdly, I think the way to do what you want is to declare local.example.com to be a proper subdomain: listing the same two nameservers as you currently run for example.com (note: I don't know PowerDNS, so my entries above are in BIND format). Then on those nameservers (which I presume is this nameserver) you declare a zonefile for local.example.com which contains only the hosts you want to resolve, and no wildcard record.
So when people look up foo.example.com, assuming that's not listed, it'll match the existing wildcard record, and return 1.2.3.4 (or whatever). But when people look up foo.local.example.com, the nameserver records for local.example.com will be returned and a further recursion will take place, with your nameserver now looking at the zonefile for local.example.com, and saying (in the absence of a specific record for foo and a wildcard in local.example.com) "no, there is no such record".
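As an added illustration of the delegation the answer describes (these are not the answerer's own entries, which did not survive on this page): the parent example.com zone keeps its wildcard and delegates local.example.com with NS records, while the child zone lists only the explicit hosts and has no wildcard. The nameserver names ns1/ns2.example.com, the SOA values and the file names are assumptions.

```zone
; ---- file: db.example.com (parent zone) ----
; Assumed nameserver names ns1/ns2.example.com and SOA timers.
$ORIGIN example.com.
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 1209600 300 )
@       IN NS   ns1.example.com.
@       IN NS   ns2.example.com.
ns1     IN A    1.2.3.4
ns2     IN A    1.2.3.5
@       IN A    1.2.3.4
*       IN A    1.2.3.4
; Delegation: once local.example.com exists here as a zone cut,
; *.example.com no longer matches any name beneath it.
local   IN NS   ns1.example.com.
local   IN NS   ns2.example.com.

; ---- file: db.local.example.com (child zone) ----
; Only the hosts you want to resolve; deliberately no wildcard.
$ORIGIN local.example.com.
$TTL 3600
@        IN SOA ns1.example.com. hostmaster.example.com. (
                2024010101 3600 900 1209600 300 )
@        IN NS  ns1.example.com.
@        IN NS  ns2.example.com.
machine1 IN A   192.168.0.1
machine2 IN A   192.168.0.2
```

With the wildcard confined to the parent, foo.example.com still answers 1.2.3.4, machine1.local.example.com answers 192.168.0.1, and badmachine.local.example.com is answered NXDOMAIN from the child zone. In PowerDNS with the BIND backend both zones are listed as separate `zone` stanzas in the named.conf that bind-config points at.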