Wildcard DNS entry is broken by more specific (but non-matching) DNS entry

Alexander Overvoorde 0 Reputation points
2023-02-20T11:23:05.5966667+00:00

I have an Azure DNS zone for example.com with two records:

  • * CNAME record pointing to foo.com
  • dummy.api TXT record containing the value dummy

When I ask the DNS servers associated with this zone to resolve bla.example.com, it correctly resolves to the CNAME entry; however, when I try to resolve api.example.com, it fails to resolve. If I remove the TXT entry, then it starts working as expected.

I know that wildcard entries are ignored if a more specific entry exists (regardless of record type), but in this case there is only a more specific entry for dummy.api and not for api.

Is this expected to happen? Is there a way to work around it other than explicitly creating an entry for api?

Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.

2 answers

  1. Alexander Overvoorde 0 Reputation points
    2023-02-20T12:59:03.7766667+00:00

    It looks like this situation is covered by section 2.2.2 in RFC 4592 (https://www.rfc-editor.org/rfc/rfc4592), which states that the record dummy.api.example.com results in the implicit existence of an empty record api.example.com, which is why the wildcard entry stops matching. Therefore the only solution is to add an explicit entry for api.example.com with the same CNAME as the wildcard.

    0 comments No comments

  2. KapilAnanth-MSFT 45,451 Reputation points Microsoft Employee
    2023-02-20T17:16:13.3466667+00:00

    @Alexander Overvoorde

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to use wildcard DNS entry in Azure.

    I am afraid I did not fully catch the question.

    "When I ask the DNS servers associated with this zone to resolve bla.foo.com"

    • Are you referring to bla.example.com instead of bla.foo.com? - Please confirm

    "when I try to resolve api.foo.com it fails to resolve"

    Here, it should be api.example.com, please correct me if I am wrong.

    Now, yes, your observation is correct.

    Azure DNS is RFC Compliant and please refer to this for Wildcards in Azure DNS

    Please let us know if you require additional information.

    Also, I can see your experience on the Q&A community platform for this thread is low. In case the issue has been now addressed we would urge you to reconsider the feedback via this answer

    Your encouragement and involvement help us improve our customer experience and our Azure services.

    Thanks for your continued contribution on Q&A and appreciate much for taking the time to share your feedback.

    Cheers,

    Kapil

    0 comments No comments
