
I have a wildcard DNS on my external service: *.example.com

I have one specific service, that I need to NOT resolve externally, to help a VPN service type connection fail silently.

Is there a way to make a specific entry NOT resolve? i.e. server.example.com should not resolve.

thanks

user1076412

1 Answer


Lookups to Wildcard DNS entries will fail if they match any existing non-wildcard record. You could set up a "dummy" TXT record for server.example.com and host lookups (A or CNAME) for that record should fail to resolve.

The BIND example would be:

server.example.com.      IN     TXT    "Nothing to see here"
Andy
  • I don't think that *will fail if they match any existing record* is the best way to describe expected wildcard behavior (it seems to suggest both that they actually matched and that something failed); wildcards are simply defined such that they do not match any branches that exist. – Håkan Lindqvist May 18 '15 at 05:55
  • Putting a dummy "TXT" record isn't going to help if the query asked for an "A" record. – ThatGraemeGuy May 18 '15 at 07:36
  • @ThatGraemeGuy - I'm not an expert, but the rules of wildcard DNS (and my experience with disappearing MX resolution when adding A records) suggest that it will work. See the "host1.example." example on the Wikipedia article for Wildcard DNS. – Andy May 18 '15 at 07:51
  • @ThatGraemeGuy Yes, as Andy said the wildcard rules are based on the existence of names, not on specific record types. The proposed solution will work. – Håkan Lindqvist May 18 '15 at 08:04
  • @Andy: So I've run into a weird vote locking thing: "You last voted on this answer 5 hours ago. Your vote is now locked in unless this answer is edited.". If you can find some way to make a minor edit to your answer I can reverse my downvote. – ThatGraemeGuy May 18 '15 at 12:47
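The rule the comments settle on (a wildcard never matches a name that exists, whatever record types that name owns) can be checked without touching a live server. The following is an added example, not code from the question or the answer: a small Python model of the RFC 4592 matching rules over a constructed zone with the wildcard and Andy's dummy TXT record. It ignores CNAME, DNAME and delegations, and it goes one step beyond the answer by showing that names beneath the dummy record (e.g. foo.server.example.com) stop matching the wildcard too.

```python
# Constructed zone for this example (simplified RFC 4592 rules): the apex,
# the wildcard from the question, and the answer's "dummy" TXT record.
ZONE = {
    "example.com.":        {"SOA": ["ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300"]},
    "*.example.com.":      {"A": ["192.0.2.10"]},
    "server.example.com.": {"TXT": ['"Nothing to see here"']},
}
APEX = "example.com."


def exists(zone, name):
    """A name exists if it owns records or is an ancestor of an owner name
    (an 'empty non-terminal'). Wildcard owner names count as well."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)


def lookup(zone, qname, qtype):
    """Return (rcode, rdata list). NOERROR with an empty list is NODATA,
    which is what a client asking for A/AAAA of the dummy name receives."""
    if qname != APEX and not qname.endswith("." + APEX):
        return ("REFUSED", [])
    # 1. If the query name exists, the wildcard is never consulted, even
    #    when that name has no record of the queried type.
    if exists(zone, qname):
        return ("NOERROR", zone.get(qname, {}).get(qtype, []))
    # 2. Otherwise find the closest encloser (longest existing ancestor)
    #    and check whether a wildcard label hangs directly below it.
    encloser = qname
    while not exists(zone, encloser):
        encloser = encloser.split(".", 1)[1]
    wildcard = "*." + encloser
    if wildcard in zone:
        return ("NOERROR", zone[wildcard].get(qtype, []))
    return ("NXDOMAIN", [])


if __name__ == "__main__":
    for qname, qtype in [("www.example.com.", "A"), ("server.example.com.", "A"),
                         ("server.example.com.", "TXT"), ("foo.server.example.com.", "A")]:
        print(qname, qtype, lookup(ZONE, qname, qtype))
```

On a real deployment the same check is `dig server.example.com A` against the authoritative server: expect status NOERROR with an empty answer section, not the wildcard address.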