Discussion:
Handling of wildcards in CNAME records
Ray Van Dolson via curl-users
2017-08-03 01:13:00 UTC
Permalink
Trying:

$ curl -I http://master-stage.developers.arcgis.com

But getting

curl: (6) Could not resolve host: master-stage.developers.arcgis.com; Name or service not known"

This is w/ curl 7.29.0 on RHEL7.

DNS record is a bit odd:

master-stage.developers.arcgis.com. CNAME *.developers.ago.esri.com.

[ The wildcard record resolves to an RFC1918 IP address via internal DNS
servers so won't work on the Internet -- yes, I'm doing this from
somewhere where it will work :-) ]

dig handles fine but curl and other CLI tools don't seem to work. I
suspect maybe this is something my version of glibc's stub resolver
doesn't handle well, because curl on my OSX machine (curl 7.43.0 linked
against whatever Mac uses for its stub resolver) handles the above
without complaint.

On my RHEL7 machine other glibc linked tools like ping and wget also
don't like this DNS name.

Any ideas?

Ray
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: h
Kamil Dudka via curl-users
2017-08-03 07:36:09 UTC
Permalink
Post by Ray Van Dolson via curl-users
$ curl -I http://master-stage.developers.arcgis.com
But getting
curl: (6) Could not resolve host: master-stage.developers.arcgis.com; Name
or service not known"
This is w/ curl 7.29.0 on RHEL7.
master-stage.developers.arcgis.com. CNAME *.developers.ago.esri.com.
[ The wildcard record resolves to an RFC1918 IP address via internal DNS
servers so won't work on the Internet -- yes, I'm doing this from
somewhere where it will work :-) ]
dig handles fine but curl and other CLI tools don't seem to work. I
suspect maybe this is something my version of glibc's stub resolver
doesn't handle well, because curl on my OSX machine (curl 7.43.0 linked
against whatever Mac uses for its stub resolver) handles the above
without complaint.
On my RHEL7 machine other glibc linked tools like ping and wget also
don't like this DNS name.
Then it could hardly be fixed in curl. You need to get this working
at the level of system name resolver. You can try changing its
configuration in /etc/nsswitch.conf and /etc/resolv.conf .

Kamil
Post by Ray Van Dolson via curl-users
Any ideas?
Ray
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://
Alex Bligh via curl-users
2017-08-04 06:43:34 UTC
Permalink
Post by Ray Van Dolson via curl-users
master-stage.developers.arcgis.com. CNAME *.developers.ago.esri.com.
From memory wildcards are not valid CNAME targets in DNS. You might want to check that.
--
Alex Bligh





-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.
Ray Van Dolson via curl-users
2017-08-04 13:25:04 UTC
Permalink
Post by Alex Bligh via curl-users
Post by Ray Van Dolson via curl-users
master-stage.developers.arcgis.com. CNAME *.developers.ago.esri.com.
From memory wildcards are not valid CNAME targets in DNS. You might want to check that.
I was thinking the same, but RFC2181 perhaps disagrees[1]?

Will continue searching around and perhaps ask on the glibc list.

Thanks,
Ray

[1] https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc2181-23section-2D11&d=DwIBAg&c=n6-cguzQvX_tUIrZOS_4Og&r=czJGymbOhZ_hkSBATTR1tBEa-rp3TRDrIXHDlNd4xDs&m=IwZgjp5g2yjOwyPcstxxSryc6RmD0_EgRdNCAlvOR9o&s=c-xTh5qi69_CZPaai2xMaNw047KKg_SqU_oWM1IaoMI&e=

-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette:
Daniel Lublin
2017-08-04 15:55:48 UTC
Permalink
Post by Ray Van Dolson via curl-users
master-stage.developers.arcgis.com. CNAME *.developers.ago.esri.com.
[ The wildcard record resolves to an RFC1918 IP address via internal DNS
servers so won't work on the Internet -- yes, I'm doing this from
somewhere where it will work :-) ]
dig handles fine but curl and other CLI tools don't seem to work. I
suspect maybe this is something my version of glibc's stub resolver
doesn't handle well, because curl on my OSX machine (curl 7.43.0 linked
against whatever Mac uses for its stub resolver) handles the above
without complaint.
On my RHEL7 machine other glibc linked tools like ping and wget also
don't like this DNS name.
Any ideas?
It seems to me that you have turned the label and resource record of your
CNAME around. What I guess you want to accomplish is the resolution of
justanything.developers.ago.esri.com. to master-stage.developers.arcgis.com.
(through a CNAME alias), which in turn would resolve to an IP address of
where some server is answering, and which protocol uses some sort of host
header to distinguish which FQDN the client is expecting.

In the zone file for esri.com this would look like follows. The label (or
owner name), is in the first column in the zone file, then commonly follows
label type and resource record. It is the label that should be the wildcard
asterisk:

$ORIGIN developers.ago.esri.com.
* CNAME master-stage.developers.arcgis.com.

and in the zone file for arcgis.com:

$ORIGIN developers.arcgis.com.
master-stage A 192.168.0.1
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/m

Loading...